---
# CI workflow: build the vaultwarden binary, smoke-test it, build and scan a
# container image, then publish to Docker Hub and Quay.
# (Woodpecker syntax, judging by the CI_REPO_* variables and the
# wp-docker-buildx plugin.)

# Workflow-level filter: runs on pull requests and tags, and on push/manual
# events only for the repository's default branch.
when:
  - event:
      - pull_request
      - tag
  - event:
      - push
      - manual
    branch:
      - ${CI_REPO_DEFAULT_BRANCH}

steps:
  # Compiles the release binary via `make build`.
  # NOTE(review): `stable` is a mutable tag, so the toolchain image can change
  # without any change to this file; consider pinning by digest.
  binary:
    image: docker.io/clux/muslrust:stable
    commands:
      - apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev
      - make build

  # Smoke test: the freshly built binary must start and report help/version.
  # NOTE(review): the image carries no tag or digest, so it resolves to
  # whatever the registry currently serves as the default tag.
  executable:
    image: docker.io/alpine
    commands:
      - src/target/x86_64-unknown-linux-musl/release/vaultwarden --help
      - src/target/x86_64-unknown-linux-musl/release/vaultwarden --version

  # Builds the image into a local OCI layout (oci/<repo name>) that the scan
  # step below reads.
  # NOTE(review): this step builds from Containerfile.multiarch while both
  # publish steps build from Containerfile, and the publish steps appear to
  # rebuild rather than push this artifact -- confirm that the scanned image
  # is representative of what is actually published.
  security-build:
    image: quay.io/thegeeklab/wp-docker-buildx:1
    settings:
      containerfile: Containerfile.multiarch
      output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
      repo: thegeeklab/${CI_REPO_NAME}

  # Vulnerability gate over the OCI layout produced by security-build.
  # NOTE(review): the scanner image is unpinned (no tag or digest); a pinned
  # scanner keeps the gate's behaviour reproducible between runs.
  security-scan:
    image: ghcr.io/aquasecurity/trivy
    commands:
      - trivy -v
      - trivy image --input oci/${CI_REPO_NAME}
    environment:
      # Non-zero exit when findings match the filters below, failing the step.
      TRIVY_EXIT_CODE: "1"
      # Findings without an available fix are not reported and do not fail
      # the step.
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
      # Only HIGH and CRITICAL findings count; lower severities pass silently.
      TRIVY_SEVERITY: HIGH,CRITICAL
      TRIVY_TIMEOUT: 1m
      # The gomplate binary is excluded from scanning, so vulnerabilities in
      # it never reach this gate.
      # NOTE(review): record why it is skipped and track its updates
      # separately.
      TRIVY_SKIP_FILES: /usr/local/bin/gomplate

  # Publishes to Docker Hub. Credentials come from CI secrets; the step-level
  # `when` omits pull_request, so this step is not scheduled for PR events.
  publish-dockerhub:
    group: container
    image: quay.io/thegeeklab/wp-docker-buildx:1
    settings:
      auto_tag: true
      containerfile: Containerfile
      password:
        from_secret: docker_password
      # NOTE(review): presumably turns off buildx provenance attestations;
      # without them consumers cannot verify build origin from the image
      # metadata -- confirm this is intentional.
      provenance: false
      repo: thegeeklab/${CI_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      - event:
          - tag
      - event:
          - push
          - manual
        branch:
          - ${CI_REPO_DEFAULT_BRANCH}

  # Publishes to quay.io with the same event restrictions and the same
  # `provenance: false` caveat as the Docker Hub step.
  publish-quay:
    group: container
    image: quay.io/thegeeklab/wp-docker-buildx:1
    settings:
      auto_tag: true
      containerfile: Containerfile
      password:
        from_secret: quay_password
      provenance: false
      registry: quay.io
      repo: quay.io/thegeeklab/${CI_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      - event:
          - tag
      - event:
          - push
          - manual
        branch:
          - ${CI_REPO_DEFAULT_BRANCH}