Ci/action #18

	name: Contiuous Integration

	on:
	push:
	pull_request:

	permissions:
	contents: write
	packages: write
	security-events: write

	jobs:
	rel:
	name: Build, scan & push Snapshot
	runs-on: ubuntu-latest

	permissions:
	contents: write
	packages: write
	security-events: write

	steps:

	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version-file: go.mod

	- name: Build snapshot artifacts
	uses: goreleaser/goreleaser-action@v5
	with:
	version: latest
	args: release --snapshot --clean --config .goreleaser-ci.yaml
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Get Version
	id: version
	run: jq -r '.version' ./dist/metadata.json \| { read value; echo "value=$value"; } >> "$GITHUB_OUTPUT"

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "ghcr.io/caas-team/sparrow:v${{ steps.version.outputs.value }}"
	format: "sarif"
	output: "trivy-results.sarif"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "trivy-results.sarif"

	- name: Registry login
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push snapshot container image
	run: docker push ghcr.io/caas-team/sparrow:v${{ steps.version.outputs.value }}

Provide feedback