docker.yaml

name: Build ckan-pycsw images

on:
  push:
    branches:
      - main
      - latest
    tags: 
      - 'v*.*.*'
  pull_request:
    branches:
      - main

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  CONTEXT: .
  DOCKERFILE_PATH: /ckan-pycsw
  DOCKERFILE: Dockerfile

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Login to registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      -
        name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          context: ${{ env.CONTEXT }}
          file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}

  scan_docker_image:
    permissions: write-all
    runs-on: ubuntu-latest
    needs: [ docker ]
    steps:
    -   name: Scan & lint image
        uses: ISID/build-and-scan-image@v0.4.2
        continue-on-error: true
        with:
          tag: ${{ env.IMAGE_NAME }}
          path: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
          dockerfile: ${{ env.DOCKERFILE }}
          hadolint-severity: error
          dockle-severity: FATAL
          trivy-severity: HIGH,CRITICAL