docker-image.yml

name: Docker Image CI

on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'  
jobs:
  docker:
    runs-on: ubuntu-latest
    environment: Docker Image
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set env
        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build image and CI Scanning
        run: |
          # Build docker image
          docker build -t ${{ vars.IMAGE_NAME }}:latest .

          #Generate Console token
          token=$(curl -s -k ${{ secrets.PCC_URL }}/api/v1/authenticate -X POST -H "Content-Type: application/json" -d '{
            "username":"${{ secrets.PCC_USER }}",
            "password":"${{ secrets.PCC_PASS }}"
            }'  | grep -Po '"'"token"'"\s*:\s*"\K([^"]*)')
          
          #Download Twistcli
          curl -s -O ${{ secrets.PCC_URL }}/api/v1/util/twistcli -H "Authorization: Bearer $token"
          chmod a+x twistcli
          ./twistcli --version

          #Perform CI Scan
          ./twistcli images scan --address ${{ secrets.PCC_URL }} --token $token --details ${{ vars.IMAGE_NAME }}:latest

          #Perform Analysis Sandbox 
          sudo ./twistcli sandbox --address ${{ secrets.PCC_URL }} --token $token --analysis-duration 2m ${{ vars.IMAGE_NAME }}:latest
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ vars.IMAGE_NAME }}:latest,${{ vars.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}