feat: consolidate deployment targets and publish to ghcr.io (#2539)

* WIP: proof of concept * basic meta tag injection * add support for scraping public/private links * make tests go brrrrr * cleanup initialization * rewrite build config * remove recipe meta on frontend * make type checker happy * remove other deployment methods * fix issue with JSON response on un-authenticated request * docs updates * update tivy scanner * fix linter stuff * change registry tag * build fixes * fix same mistake I always make
2025-08-05 21:45:25 +02:00 · 2023-09-14 06:40:13 -08:00 · 2023-09-14 06:40:13 -08:00 · 2ad6af2cce
commit 2ad6af2cce
parent aec4cb4f31
34 changed files with 268 additions and 793 deletions
--- a/.github/workflows/partial-trivy-container-scanning.yml
+++ b/.github/workflows/partial-trivy-container-scanning.yml
@ -0,0 +1,31 @@
+name: Trivy Container Scanning
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    name: Build and Scan Container
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build Dockerfile
+        run: |
+          docker build -t mealie --file=./docker/Dockerfile .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          ignore-unfixed: true
+          image-ref: "mealie"
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"