Skip to content
Docker build and push

Docker build and push #615

Sign in to view logs

Docker build and push

Docker build and push #615

Workflow file for this run

.github/workflows/docker-build-push.yaml at fba646f
name: Docker build and push
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
push:
tags:
env:
REGISTRY: ghcr.io
IMAGE_NAME: wordpress
USER: nidr0x
jobs:
build-and-push:
name: Build and push
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE_NAME }}
- uses: oprypin/find-latest-tag@v1
with:
repository: nidr0x/docker-production-wordpress
releases-only: true
id: wordpress
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64
tags: |
${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE_NAME }}:${{ steps.wordpress.outputs.tag }}
${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
image-security:
name: Image security scan (Trivy)
runs-on: ubuntu-latest
needs: build-and-push
strategy:
matrix:
platforms: [linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64]
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: "${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE_NAME }}:${{ steps.wordpress.outputs.tag }}"
env:
TRIVY_PLATFORM: ${{ matrix.platforms }}