Yannig is building code-server #3

	---
	name: Build code-server docker image
	run-name: ${{ github.actor }} is building code-server

	on:
	push:
	branches: ["main"]
	paths:
	- "code-server/**"
	pull_request:
	branches: ["main"]
	paths:
	- "code-server/**"

	env:
	REGISTRY: ghcr.io
	IMAGE_TAG: ${{ github.repository }}/code-server:4.96.2-ubuntu

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/[email protected]
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v6
	with:
	context: code-server
	push: true
	tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}

	scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	needs: build
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
	format: "table"
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH"
	env:
	TRIVY_USERNAME: ${{ github.actor }}
	TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

	check:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/[email protected]
	- uses: docker/[email protected]
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Dockerfile linting
	uses: hadolint/[email protected]
	with:
	dockerfile: code-server/Dockerfile
	ignore: DL3018,DL3015,DL3008

Provide feedback