.github/workflows/docker-image.yml

name: Docker Image CI

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:

jobs:

  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    
    - name: Build Image
      run: |
        docker build -t "${{ secrets.DOCKERHUB_USERNAME }}/petclinic:${{ github.sha }}" .
        docker images
        
    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: "${{ secrets.DOCKERHUB_USERNAME }}/petclinic:${{ github.sha }}"
        format: 'table'
        exit-code: '1'
        ignore-unfixed: true
        vuln-type: 'os,library'
        severity: 'CRITICAL,HIGH'

    - name: Docker Login
      run: docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}

    - name: Docker Push
      run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/petclinic:${{ github.sha }}