diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b77c628..1a7bb32 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -158,33 +158,7 @@ jobs:
 type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
 type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- - name: Build Docker image
- uses: docker/build-push-action@v6
- with:
- context: .
- load: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- target: prod
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Scan frontend image for vulnerabilities
- uses: anchore/scan-action@v5
- id: scan
- env:
- GRYPE_CONFIG: .grype.yaml
- with:
- image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
- fail-build: true
- severity-cutoff: high
- only-fixed: "true"
- output-format: sarif
-
-
-
- - name: Push Docker image
- if: github.event_name == 'push'
+ - name: Build and push Docker image
 uses: docker/build-push-action@v6
 with:
 context: .
@@ -193,6 +167,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 target: prod
 cache-from: type=gha
+ cache-to: type=gha,mode=max
 - name: Create git tag
 if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -209,7 +184,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: cartsnitch/infra
- token: ${{ secrets.GITEA_TOKEN }}
+ token: ${{ secrets.GITEA_DEPLOY_KEY }}
 ref: main
 path: infra
@@ -253,7 +228,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: cartsnitch/infra
- token: ${{ secrets.GITEA_TOKEN }}
+ token: ${{ secrets.GITEA_DEPLOY_KEY }}
 ref: main
 path: infra
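Review bot: With the `anchore/scan-action@v5` step gone, nothing in the first hunk (`-158,33 +158,7`) gates the image on a vulnerability check before `Build and push Docker image` publishes it, so an image with fixable high-severity findings can now reach the registry and the tag and deploy steps that follow. If the scan was dropped because it could not resolve the `sha-${{ github.sha }}` image, consider keeping the gate by scanning the pushed image by digest and making the later steps depend on that result. The merged step also loses `if: github.event_name == 'push'`. Its `push:` input sits between this hunk and the next and is not visible here, so confirm it is still conditional, for example `push: ${{ github.event_name == 'push' }}`, so that pull-request runs do not publish images.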
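Review bot: In the third hunk (`-209,7 +184,7`), `token: ${{ secrets.GITEA_DEPLOY_KEY }}` feeds a secret named as a deploy key into the `token` input of `actions/checkout@v4`, which expects an HTTPS access token. If the secret holds an SSH private key it belongs in the `ssh-key` input instead, and if it is really a token the name is misleading. The same applies to the second `cartsnitch/infra` checkout in the hunk at `-253,7 +228,7`. Once the credential type is confirmed, a comment above each step such as `# GITEA_DEPLOY_KEY: credential limited to cartsnitch/infra` would record its intended scope. Both checkout steps begin above their hunks, so their names and any `persist-credentials` setting are not visible here.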