
feat: upload scan report #19

feat: upload scan report

feat: upload scan report #19

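# Builds the php*-composer images against the latest Composer release,
# publishes them to GHCR, then scans each published image with Anchore and
# uploads the SARIF findings to the repository's code-scanning view.
name: Build and publish docker images

on:
  push:
    branches:
      - "*"
  schedule:
    - cron: "0 2 * * *"

jobs:
  build:
    name: Build & push docker image
    runs-on: ubuntu-latest
    permissions:
      packages: write          # needed to push to ghcr.io
      contents: read
      security-events: write   # needed by codeql-action/upload-sarif
    strategy:
      fail-fast: false
      matrix:
        include:
          - context: ./php8.1-composer
            image: ghcr.io/xima-media/php8.1-composer
          - context: ./php8.2-composer
            image: ghcr.io/xima-media/php8.2-composer
          - context: ./php8.3-composer
            image: ghcr.io/xima-media/php8.3-composer
    steps:
      # Actions are referenced by major tag; pinning to a full commit SHA
      # would further reduce supply-chain exposure.
      - name: Checkout
        uses: actions/checkout@v4

      # Resolve the latest Composer release tag. The job fails early if the
      # API call yields nothing, so an empty tag never reaches build-push.
      # The token is passed only to raise the unauthenticated rate limit.
      - name: Composer version
        id: composer
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail
          VERSION=$(curl --silent --fail \
            --header "Authorization: Bearer ${GH_TOKEN}" \
            https://api.github.com/repos/composer/composer/releases/latest \
            | jq -r '.tag_name')
          if [ -z "${VERSION}" ] || [ "${VERSION}" = "null" ]; then
            echo "Could not determine the latest Composer release" >&2
            exit 1
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"

      - name: Log in to GitHub packages
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ matrix.image }}

      - name: Build and publish docker image
        uses: docker/build-push-action@v5
        with:
          context: ${{ matrix.context }}
          push: true
          tags: ${{ matrix.image }}:${{ steps.composer.outputs.version }}
          labels: ${{ steps.meta.outputs.labels }}

      # fail-build is off on purpose: findings are reported to code scanning
      # rather than gating the publish that already happened above.
      - name: Anchore Syft SBOM scan
        id: scan
        uses: anchore/scan-action@v3
        with:
          image: ${{ matrix.image }}:${{ steps.composer.outputs.version }}
          fail-build: false

      # One category per matrix entry so the three uploads for the same
      # commit are kept as separate analyses instead of replacing each other.
      - name: Upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
          category: ${{ matrix.image }}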