CI pipeline #5

	name: CI - Security Scan + Build and Push to Docker Hub

	on:
	push:
	branches: ["main"]
	workflow_dispatch:

	jobs:
	shai-hulud-detector:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout current repo
	uses: actions/checkout@v4
	with:
	path: app
	clean: false

	- name: Checkout Cobenian/shai-hulud-detect
	uses: actions/checkout@v4
	with:
	repository: Cobenian/shai-hulud-detect
	path: hulud
	clean: false

	- name: Security Scan with Shai-Hulud Detector
	# Pipeline will automatically fail on exit codes 1 or 2
	run: \|
	chmod +x ./hulud/shai-hulud-detector.sh
	./hulud/shai-hulud-detector.sh ./app

	build-and-push-admin:
	needs: shai-hulud-detector
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Compute tags
	run: \|
	echo "IMAGE_TAG_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV

	- name: Login to DockerHub (admin)
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_ADMIN_USERNAME }}
	password: ${{ secrets.DOCKERHUB_ADMIN_TOKEN }}

	- name: Build and push Docker image (admin)
	uses: docker/build-push-action@v6
	with:
	context: .
	push: true
	tags: \|
	docker.io/${{ secrets.DOCKERHUB_ADMIN_USERNAME }}/seb-documentation:latest
	docker.io/${{ secrets.DOCKERHUB_ADMIN_USERNAME }}/seb-documentation:${{ env.IMAGE_TAG_SHA }}

Provide feedback