Docker healthcheck added, CI updated, docker image build optimized (#10)

.github/workflows/release.yml

@@ -12,6 +12,11 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v2
 
+      - uses: gacts/github-slug@v1
+        id: slug
+
+      - uses: docker/setup-buildx-action@v1
+
       - name: Login to default Container Registry
         uses: docker/login-action@v1 # Action page: <https://github.com/docker/login-action>
         with:
@@ -25,21 +30,13 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GHCR_PASSWORD }}
 
-      - name: Generate image tag value
-        id: tag
-        run: echo "::set-output name=value::`echo ${GITHUB_REF##*/} | sed -e 's/^[vV ]*//'`" # `/refs/tags/v1.2.3` -> `1.2.3`
-
-      - name: Build image
-        run: |
-          docker build \
-            --tag "tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
-            --tag "tarampampam/3proxy:latest" \
-            --tag "ghcr.io/${{ github.actor }}/3proxy:${{ steps.tag.outputs.value }}" \
-            --tag "ghcr.io/${{ github.actor }}/3proxy:latest" \
-            -f ./Dockerfile .
-
-      - name: Push into default registry
-        run: docker push "tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "tarampampam/3proxy:latest"
-
-      - name: Push into ghcr.io
-        run: docker push "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "ghcr.io/tarampampam/3proxy:latest"
+      - uses: docker/build-push-action@v2 # Action page: <https://github.com/docker/build-push-action>
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: |
+            tarampampam/3proxy:${{ steps.slug.outputs.version-semantic }}
+            tarampampam/3proxy:latest
+            ghcr.io/${{ github.actor }}/${{ github.event.repository.name }}:${{ steps.slug.outputs.version-semantic }}
+            ghcr.io/${{ github.actor }}/${{ github.event.repository.name }}:latest

.github/workflows/tests.yml

@@ -2,13 +2,23 @@ name: tests
 
 on:
   push:
-    branches:
-      - master
-    tags-ignore:
-      - '**'
-  pull_request:
+    branches: [master, main]
+    tags-ignore: ['**']
+  pull_request: {}
 
 jobs: # Docs: <https://git.io/JvxXE>
+  gitleaks:
+    name: Gitleaks
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Check for GitLeaks
+        uses: zricethezav/gitleaks-action@v1.6.0 # Action page: <https://github.com/zricethezav/gitleaks-action>
+
   build-image:
     name: Build docker image
     runs-on: ubuntu-20.04
@@ -36,6 +46,28 @@ jobs: # Docs: <https://git.io/JvxXE>
           path: ./docker-image.tar
           retention-days: 1
 
+  scan-image:
+    name: Scan docker image
+    runs-on: ubuntu-20.04
+    needs: [build-image]
+    steps:
+      - name: Download built docker image
+        uses: actions/download-artifact@v2
+        with:
+          name: docker-image
+          path: .artifact
+
+      - name: Prepare image to run
+        working-directory: .artifact
+        run: docker load < docker-image.tar
+
+      - name: Scan image
+        uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
+        with:
+          image: 3proxy:local
+          fail-build: true
+          severity-cutoff: low # negligible, low, medium, high or critical
+
   try-to-use:
     name: Build and use docker image (auth ${{ matrix.auth }})
     runs-on: ubuntu-20.04