kube-bench/.github/workflows/publish.yml

---
name: Publish
on:
  workflow_dispatch:
  push:
    tags:
      - "v*"
env:
  ALIAS: aquasecurity
  DOCKERHUB_ALIAS: aquasec
  REP: kube-bench
jobs:
  publish:
    name: Publish
    runs-on: ubuntu-18.04
    steps:
      - name: Check Out Repo
        uses: actions/checkout@v2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildxarch-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildxarch-            
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to ECR
        uses: docker/login-action@v1
        with:
          registry: public.ecr.aws
          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
      - name: Get version
        id: get_version
        uses: crazy-max/ghaction-docker-meta@v3
        with:
          images: ${{ env.REP }}
          tag-semver: |
            {{version}}            

      - name: Build and push - Docker/ECR
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          tags: |
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:latest
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest            
          cache-from: type=local,src=/tmp/.buildx-cache/release
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
      - name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}