Merge pull request #1448 from evemonk/updates #1536

	name: Docker

	on:
	push:
	branches:
	- main
	tags:
	- "v..*"
	schedule:
	- cron: "0 21 * * 6"

	permissions:
	contents: read

	jobs:
	build:
	runs-on: ubuntu-24.04

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
	with:
	egress-policy: audit

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
	with:
	images: biow0lf/evemonk-pg-extras

	- name: Login to Docker Hub
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

	- name: Build and push
	id: docker_build
	uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
	with:
	pull: true
	push: true
	no-cache: true
	platforms: linux/amd64
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Image digest
	run: echo ${{ steps.docker_build.outputs.digest }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
	continue-on-error: true
	with:
	image-ref: "docker.io/biow0lf/evemonk-pg-extras:main"
	format: "table"
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH"

Provide feedback