qbt-gluetun-portmgr/.gitea/workflows/docker-build.yaml
kelly 57c76771d4
Build and Push Docker Image / build (push) Failing after 5m45s
adding SAST
2026-05-10 21:45:55 -05:00


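# Scans the repository with Trivy, builds the Docker image, pushes it to
# Docker Hub and reports the result to an Apprise endpoint. Runs on a push to
# any branch.
name: Build and Push Docker Image
on:
  push:
    branches:
      - "**"
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job references a tag, and tags can
      # be moved after the fact. Pinning each action to a full commit SHA
      # (with the tag kept as a trailing comment) makes the executed code
      # immutable; this matters most for the steps that see the Docker Hub
      # credentials.
      - name: Checkout
        uses: actions/checkout@v4

      # Filesystem scan of the checked-out repo. No `exit-code` input is set,
      # so findings are written to the SARIF file but do not fail the job
      # (action default). Set `exit-code: '1'` if CRITICAL/HIGH findings
      # should block the image push.
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

      # NOTE(review): this action uploads to GitHub code scanning; the
      # workflow lives under .gitea/, so the upload presumably has no
      # matching API to talk to there. Confirm whether this step is what
      # fails the run, and consider storing the SARIF file as a build
      # artifact instead.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: 'trivy-results.sarif'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): the trigger is "**", so the registry credentials are
      # loaded and an image is pushed for every branch. Anyone who can push a
      # branch can overwrite the `test` tag, or publish a tag of their own
      # choosing through a branch named v*. Restrict login and push to
      # trusted refs if that is not intended.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Maps the branch to an image tag: main -> latest, v* -> branch name,
      # anything else -> test.
      - name: Compute image tag
        id: tag
        env:
          # The branch name is chosen by whoever pushes. Handing it over as
          # an environment variable keeps it out of the script text, so the
          # shell never parses it as code.
          BRANCH: ${{ gitea.ref_name }}
        run: |
          # POSIX `case` instead of `[[ ]]`, so the step does not depend on
          # the runner's default shell being bash.
          case "$BRANCH" in
            main) TAG="latest" ;;
            v*) TAG="$BRANCH" ;;
            *) TAG="test" ;;
          esac
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: blinkfink182/qbt-gluetun-portmgr:${{ steps.tag.outputs.tag }}

      # NOTE(review): the Apprise configuration key is committed as part of
      # the URL below and is sent over plain HTTP. Anyone who can read the
      # repository and reach that host can post notifications with it. Move
      # the URL into a repository secret and rotate the key.
      - name: Notify Apprise (success)
        if: success()
        env:
          # Context values go through the environment rather than being
          # expanded into the command line. A `"` in a branch name can still
          # break the JSON payload, but it can no longer break out of the
          # shell quoting.
          REPO: ${{ gitea.repository }}
          BRANCH: ${{ gitea.ref_name }}
        run: |
          curl -X POST \
            -H "Content-Type: application/json" \
            -d "{
              \"tags\": \"all\",
              \"title\": \"Gitea Build Succeeded\",
              \"body\": \"Repo: ${REPO}\\nBranch: ${BRANCH}\\nImage tag built successfully\"
            }" \
            "http://10.47.0.213:4444/notify/926263506803e21d72e382edd0caf3fb510a9629d860601dfb79506b5758c133"

      # The same key and transport concern applies to the URL in this step.
      - name: Notify Apprise (failure)
        if: failure()
        env:
          REPO: ${{ gitea.repository }}
          BRANCH: ${{ gitea.ref_name }}
        run: |
          curl -X POST \
            -H "Content-Type: application/json" \
            -d "{
              \"tags\": \"all\",
              \"title\": \"Gitea Build Failed\",
              \"body\": \"Repo: ${REPO}\\nBranch: ${BRANCH}\\nCheck logs in Gitea\"
            }" \
            "http://10.47.0.213:4444/notify/926263506803e21d72e382edd0caf3fb510a9629d860601dfb79506b5758c133"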