Skip to content

Add Content-Security-Policy to increase security #874

Add Content-Security-Policy to increase security

Add Content-Security-Policy to increase security #874

Workflow file for this run

name: Docker
on:
pull_request:
branches: [ "main" ]
push:
branches: [ "main" ]
tags:
- v*
workflow_dispatch:
inputs:
tag:
description: 'Docker tag for build results'
type: string
default: manual
required: true
schedule:
- cron: "0 0 * * *"
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read # for checkout
id-token: write # for OIDC token, used for Depot
packages: write # to upload build to GHCR
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Work out Docker tags
id: docker_meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=raw,value=${{ inputs.tag }},event=workflow_dispatch
type=schedule,pattern=nightly
type=semver,pattern={{version}}
type=ref,event=pr
type=edge
- name: Depot setup
uses: depot/setup-action@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
id: depot
uses: depot/build-push-action@v1
with:
project: bsbhgkfhgc
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm/v7,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
build-args: |
APP_VERSION=${{ steps.docker_meta.outputs.version }}
GIT_SHA=${{ github.sha }}