Merge pull request #39 from walnuts1018/renovate/github.com-air-verse… #11

Workflow file for this run

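# Builds the container image from ./Dockerfile, pushes it to GitHub Container
# Registry (GHCR), scans the pushed image with Trivy and uploads the findings
# as SARIF to GitHub code scanning.
name: Docker Image Build

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Explicit least-privilege scopes for GITHUB_TOKEN. Without this block the job
# inherits the repository/organisation default, which may grant more than the
# steps below use (or too little for the push and the SARIF upload).
permissions:
  contents: read          # actions/checkout
  packages: write         # push to ghcr.io
  security-events: write  # github/codeql-action/upload-sarif
  actions: read           # upload-sarif; only required in private repositories

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (v4, v3, v6). Pinning each action to a full commit SHA keeps a
      # re-pointed tag from running unreviewed code with this job's token.
      - name: Check out
        uses: actions/checkout@v4

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: walnuts1018
          # Short-lived, per-run token; its scope is set by `permissions` above.
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          # `latest` is resolved at run time, so the Buildx version can change
          # between runs; pin a version if reproducible builds matter.
          version: latest

      - name: Build and push Docker images
        uses: docker/build-push-action@v6
        with:
          push: true
          file: Dockerfile
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # build-args: TARGETARCH=amd64,TARGETOS=linux
          # Two tags per build: the moving `latest` and an immutable
          # <commit sha>-<run number> tag that the scan below refers to.
          tags: |
            ghcr.io/walnuts1018/mpeg-dash-encoder:latest
            ghcr.io/walnuts1018/mpeg-dash-encoder:${{ github.sha }}-${{ github.run_number }}

      # The scan is report-only: it runs after the image (including `latest`)
      # has already been pushed, and no `exit-code` input is set, so findings
      # do not fail the job. They surface only through the SARIF upload below.
      - name: Run Trivy vulnerability scanner
        # NOTE(review): the action reference was mangled on the rendered page
        # (the text after "aquasecurity/" was replaced by an e-mail
        # placeholder). Presumably aquasecurity/trivy-action; the version is
        # not recoverable from the page, so it is left as a placeholder here.
        uses: aquasecurity/trivy-action@<TRIVY_ACTION_VERSION>
        with:
          image-ref: "ghcr.io/walnuts1018/mpeg-dash-encoder:${{ github.sha }}-${{ github.run_number }}"
          format: "sarif"
          # Findings without an available fix are omitted from the report.
          ignore-unfixed: true
          vuln-type: "os,library"
          # Only CRITICAL and HIGH findings are reported; lower severities
          # are filtered out.
          severity: "CRITICAL,HIGH"
          output: "trivy-results-backend.sarif"

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results-backend.sarif"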