2.6.0 #41

	name: Build and scan

	on:
	push:
	tags:
	- '*'


	permissions:
	contents: read

	jobs:
	build-push:
	runs-on: ubuntu-latest
	steps:
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Quay.io
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_ROBOT_TOKEN }}

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	push: true
	tags: quay.io/3sky/keycloak-aurora:${{ github.ref_name }}
	build-args: \|
	BUILD_DATE=${{ github.event.repository.updated_at }}
	VERSION=${{ github.ref_name }}

	analysis:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	needs: build-push
	name: Vulnerability scanner for containers
	runs-on: ubuntu-latest
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: quay.io/3sky/keycloak-aurora:${{ github.ref_name }}
	format: sarif
	output: trivy-results.sarif
	severity: MEDIUM,CRITICAL,HIGH
	ignore-unfixed: true
	timeout: 15m

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback