.github/workflows/docker-push.yml

name: Create and publish a Docker image

on:
  push:
    branches: 
    - "*"
  pull_request:
    branches:
      - "main" 

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  SUFFIX: ${{ github.ref == 'refs/heads/main' && '' || format('dev{0}', github.run_number) }}
  GENERIC_TAG: ${{ github.ref == 'refs/heads/main' && 'latest' || 'dev' }}

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - uses: actions-ecosystem/action-get-latest-tag@v1
        id: get-latest-tag
  
      - name: Build Docker image
        uses: docker/build-push-action@v4.1.1
        with:
          context: .
          push: false
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }}dev${{ github.run_number }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }}dev${{ github.run_number }}'
  

      - name: Push Docker image
        uses: docker/build-push-action@v4.1.1
        with:
          context: .
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }}${{ env.SUFFIX }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{env.GENERIC_TAG}}
          labels: ${{ steps.meta.outputs.labels }}