Build and Deploy #49

	name: Build and Deploy
	on:
	push:
	branches: [ release ]
	workflow_dispatch:
	# build and deploy automatically once a month
	schedule:
	- cron: "7 0 1 * *"

	jobs:
	build:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v2
	-
	name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	-
	name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	-
	name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	-
	name: Build and push
	id: docker_build
	uses: docker/build-push-action@v2
	with:
	push: true
	tags: pbeke/qownnotes-web-app:latest
	-
	name: Image digest
	run: echo ${{ steps.docker_build.outputs.digest }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
	with:
	image-ref: 'pbeke/qownnotes-web-app:latest'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback