nginx/.gitea/workflows/alpine.yaml

name: Build and push Nginx on alpine based container images

on:
  push:
    branches:
      - master

jobs:
  build:
    name: Build nginx container images
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    strategy:
      matrix:
        version:
          - alpine: "3.17"
            nginx: "1.22"
          - alpine: "3.19"
            nginx: "1.24"
          - alpine: "3.21"
            nginx: "1.26"
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Login to quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_SECRET }}
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v3
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push nginx on alpine base
        uses: docker/build-push-action@v5
        with:
          # platforms: linux/amd64,linux/arm64
          push: true
          context: .
          file: Dockerfile.alpine
          build-args: |
            ALPINE_VERSION=${{ matrix.version.alpine }}
            NGINX_VERSION=${{ matrix.version.nginx }}            
          tags: |
            quay.io/sindigilive/nginx:${{ matrix.version.nginx }}-alpine            
      - name: Scan container image with Trivy
        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'quay.io/sindigilive/nginx:${{ matrix.version.nginx }}-alpine'
          format: 'sarif'
          output: 'trivy-results.sarif'
  build-latest:
    name: Build latest nginx alpine based container images
    runs-on: ubuntu-latest
    needs:
      - build
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Login to quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_SECRET }}
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v3
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push latest nginx
        uses: docker/build-push-action@v5
        with:
          # platforms: linux/amd64,linux/arm64
          push: true
          context: .
          file: Dockerfile.alpine
          tags: |
            quay.io/sindigilive/nginx:alpine
            quay.io/sindigilive/nginx:latest