.github/workflows/ci.yml

name: Continuous Integration
env:
  DOCKER_IMAGE: wyrihaximusnet/github-actions-alpine
  DOCKER_IMAGE_VERSION: 3
  DOCKER_BUILDKIT: 1
  DOCKER_CLI_EXPERIMENTAL: enabled
on:
  push:
    branches:
      - master
  pull_request:
  schedule:
    - cron:  '13 13 13 * *'
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Lint ${{ matrix.type }}
        uses: docker://hadolint/hadolint:latest-debian
        with:
          entrypoint: hadolint
          args: Dockerfile
  build:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - run: mkdir ./docker-image/
      - run: docker build . -t "${DOCKER_IMAGE}:${DOCKER_IMAGE_VERSION}" --no-cache
      - run: docker save "${DOCKER_IMAGE}" -o ./docker-image/docker_image.tar
      - run: docker images
      - name: Upload Image
        uses: actions/upload-artifact@v2
        with:
          name: docker-image
          path: ./docker-image
  scan-vulnerability:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Install clair-scanner
        run: |
          sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
          sudo chmod +x /usr/local/bin/clair-scanner
      - uses: actions/download-artifact@master
        with:
          name: docker-image
          path: ./docker-image
      - run: docker load --input ./docker-image/docker_image.tar
      - run: mkdir -p "./clair/${DOCKER_IMAGE}"
      - run: make ci-scan-vulnerability
  push:
    needs:
      - scan-vulnerability
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
      - uses: actions/download-artifact@master
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
        with:
          name: docker-image
          path: ./docker-image
      - run: docker load --input ./docker-image/docker_image.tar
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
      - name: Login to Docker Hub
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
        env:
          DOCKER_USER: ${{ secrets.HUB_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.HUB_PASSCODE }}
        run: |
          echo "${{ secrets.HUB_PASSCODE }}" | \
          docker login \
            --username "${{ secrets.HUB_USERNAME }}" \
            --password-stdin
      - run: docker push "${DOCKER_IMAGE}:${DOCKER_IMAGE_VERSION}"
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'