Merge pull request #7 from mqxym/version-2-1-0 #19

	name: Build and Publish CLI Docker Image

	# on push to main or manual trigger
	on:
	push:
	branches:
	- main
	workflow_dispatch:

	permissions:
	contents: read
	packages: write

	env:
	VERSION: "0.0.0"

	jobs:
	publish:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Get CLI version
	run: \|
	echo "VERSION=$(jq -r .version package.json)" >> $GITHUB_ENV

	- name: Log in to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and push image
	uses: docker/build-push-action@v4
	id: publish
	with:
	context: .
	file: Dockerfile
	push: true
	tags: \|
	ghcr.io/${{ github.repository_owner }}/cryptit-cli:latest
	ghcr.io/${{ github.repository_owner }}/cryptit-cli:${{ env.VERSION }}
	ghcr.io/${{ github.repository_owner }}/cryptit-cli:${{ github.sha }}


	- name: Confirm pushed image
	run: echo "ghcr.io/${{ github.repository_owner }}/cryptit-cli@sha256:${{ steps.publish.outputs.digest }}"

	- name: Install Trivy
	uses: aquasecurity/setup-trivy@v0.2.3
	with:
	version: 'latest'
	cache: true

	- name: Scan Docker image with Trivy
	run: \|
	trivy image \
	--exit-code 1 \
	--severity HIGH,CRITICAL \
	--ignore-unfixed \
	ghcr.io/${{ github.repository_owner }}/cryptit-cli:latest

Provide feedback