Create docker-publish-debian.yml

.github/workflows/docker-publish-debian.yml

@@ -0,0 +1,96 @@
+name: Docker Image CI Debian
+
+on:
+  schedule:
+    - cron: '31 17 * * 1'
+  workflow_dispatch:
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      security-events: write
+
+    steps:
+      - 
+        name: Docker Setup QEMU
+        uses: docker/setup-qemu-action@v3
+        id: qemu
+        with:
+          platforms: amd64,arm64,arm
+      - 
+        name: Docker Setup Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - 
+        name: Login to DockerHub
+        uses: docker/login-action@v3 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - 
+        name: Log into ghcr.io registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Login to Quay.io
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+      -
+        name: Build and test docker image
+        uses: docker/build-push-action@v5
+        with:
+          load: true
+          tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      -
+        name: Test
+        run: |
+          docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen --help
+      -
+        name: Retrieve doxygen version
+        run: |
+          echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen -V)" >> $GITHUB_ENV
+      - 
+        name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: image
+          image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:test
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results-debian.sarif'
+          severity: 'MEDIUM,CRITICAL,HIGH'
+          hide-progress: false
+      - 
+        name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-debian.sarif'
+      - 
+        name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.debian
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            ghcr.io/kingpin/${{ github.event.repository.name }}:debian
+            docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian
+            quay.io/kingpinx1/${{ github.event.repository.name }}:debian
+            ghcr.io/kingpin/${{ github.event.repository.name }}:debian-${{ env.doxygen_version }}
+            docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-${{ env.doxygen_version }}
+            quay.io/kingpinx1/${{ github.event.repository.name }}:debian-${{ env.doxygen_version }}