Updated Github Action

tmachyshyn · tmachyshyn · commit e0b5b1b4aa2a · 2024-08-08T16:50:03.000+03:00
diff --git a/.github/workflows/push-to-dockerhub.yml b/.github/workflows/push-to-dockerhub.yml
@@ -4,36 +4,45 @@ on:
   release:
     types: [published]
 
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: espocrm/espocrm
+
 jobs:
   dockerhub:
     runs-on: ubuntu-latest
+
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Authenticate to registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
         with:
+          registry: ${{ env.REGISTRY }}
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Get Version
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Get Version
         id: get_version
         uses: battila7/get-version-action@v2
-      -
-        name: apache
-        uses: docker/build-push-action@v4
+
+      - name: Apache Build
+        uses: docker/build-push-action@v6
         with:
           context: ./apache
           platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           push: true
+          labels: ${{ steps.meta.outputs.labels }}
           tags: |
             espocrm/espocrm:latest
             espocrm/espocrm:${{ steps.get_version.outputs.version }}
@@ -43,27 +52,62 @@ jobs:
             espocrm/espocrm:${{ steps.get_version.outputs.version }}-apache
             espocrm/espocrm:${{ steps.get_version.outputs.major }}.${{ steps.get_version.outputs.minor }}-apache
             espocrm/espocrm:${{ steps.get_version.outputs.major }}-apache
-      -
-        name: fpm
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Apache Docker Scout
+        id: apache-scout
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:apache
+          ignore-unchanged: true
+          only-severities: critical,high
+
+      - name: FPM Build
         uses: docker/build-push-action@v4
         with:
           context: ./fpm
           platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           push: true
+          labels: ${{ steps.meta.outputs.labels }}
           tags: |
             espocrm/espocrm:fpm
             espocrm/espocrm:${{ steps.get_version.outputs.version }}-fpm
             espocrm/espocrm:${{ steps.get_version.outputs.major }}.${{ steps.get_version.outputs.minor }}-fpm
             espocrm/espocrm:${{ steps.get_version.outputs.major }}-fpm
-      -
-        name: fpm-alpine
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: FPM Docker Scout
+        id: fpm-scout
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:fpm
+          ignore-unchanged: true
+          only-severities: critical,high
+
+      - name: FPM-Alpine Build
         uses: docker/build-push-action@v4
         with:
           context: ./fpm-alpine
           platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           push: true
+          labels: ${{ steps.meta.outputs.labels }}
           tags: |
             espocrm/espocrm:fpm-alpine
             espocrm/espocrm:${{ steps.get_version.outputs.version }}-fpm-alpine
             espocrm/espocrm:${{ steps.get_version.outputs.major }}.${{ steps.get_version.outputs.minor }}-fpm-alpine
             espocrm/espocrm:${{ steps.get_version.outputs.major }}-fpm-alpine
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: FPM Alpine Docker Scout
+        id: fpm-alpine-scout
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:fpm-alpine
+          ignore-unchanged: true
+          only-severities: critical,high
