From ed322ac6664306c13ed673e0fa7dd6f76ebc9841 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Mon, 11 Jul 2022 18:49:55 +0600
Subject: [PATCH] ci: add pushing canary build images to registries (#2428)

---
 .github/workflows/canary.yaml           |  4 ++++
 .github/workflows/reusable-release.yaml | 17 ++++++++++++++++-
 Dockerfile.canary                       | 10 ++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile.canary

diff --git a/.github/workflows/canary.yaml b/.github/workflows/canary.yaml
index a0444e925c..b2a68337a2 100644
--- a/.github/workflows/canary.yaml
+++ b/.github/workflows/canary.yaml
@@ -3,6 +3,10 @@ on:
   push:
     branches:
       - 'main'
+    paths:
+      - '**.go'
+      - 'Dockerfile.canary'
+      - '.github/workflows/canary.yaml'
   workflow_dispatch:
 
 jobs:
diff --git a/.github/workflows/reusable-release.yaml b/.github/workflows/reusable-release.yaml
index 956d0f12ff..ff4e29db2b 100644
--- a/.github/workflows/reusable-release.yaml
+++ b/.github/workflows/reusable-release.yaml
@@ -84,6 +84,21 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 
+      ## push images to registries
+      ## only for canary build
+      - name: Build and push
+        if: ${{ inputs.goreleaser_config == 'goreleaser-canary.yml' }}
+        uses: docker/build-push-action@v3
+        with:
+          platforms: linux/amd64, linux/arm64
+          file: ./Dockerfile.canary # path to Dockerfile
+          context: .
+          push: true
+          tags: |
+            aquasec/trivy:canary
+            ghcr.io/aquasecurity/trivy:canary
+            public.ecr.aws/aquasecurity/trivy:canary
+
       - name: Cache Trivy binaries
         uses: actions/cache@v3.0.4
         with:
@@ -91,4 +106,4 @@ jobs:
           # use 'github.sha' to create a unique cache folder for each run.
           # use 'github.workflow' to create a unique cache folder if some runs have same commit sha.
           # e.g. build and release runs
-          key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
+          key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
\ No newline at end of file
diff --git a/Dockerfile.canary b/Dockerfile.canary
new file mode 100644
index 0000000000..e8a5b40f90
--- /dev/null
+++ b/Dockerfile.canary
@@ -0,0 +1,10 @@
+FROM alpine:3.16.0
+RUN apk --no-cache add ca-certificates git
+
+# binaries were created with GoReleaser
+# need to copy binaries from folder with correct architecture
+# example architecture folder: dist/trivy_canary_build_linux_arm64/trivy
+ARG TARGETARCH
+COPY "dist/trivy_canary_build_linux_${TARGETARCH}/trivy" /usr/local/bin/trivy
+COPY contrib/*.tpl contrib/
+ENTRYPOINT ["trivy"]