cacert #68

	name: cacert

	on:
	push:
	branches:
	- main
	paths:
	- ca-certificates/**
	- .github/workflows/cacert.yaml
	schedule:
	- cron: "5 0 * * 0"

	jobs:
	build:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	context: ./ca-certificates
	file: ./ca-certificates/Dockerfile
	push: true
	tags: ${{ secrets.DOCKER_HUB_USERNAME }}/ca-certificates:latest

	- name: Scan for vulnerabilities
	id: scan
	uses: crazy-max/ghaction-container-scan@v3
	with:
	image: ${{ secrets.DOCKER_HUB_USERNAME }}/ca-certificates:latest
	dockerfile: ./ca-certificates/Dockerfile

	- name: Upload SARIF file
	if: ${{ steps.scan.outputs.sarif != '' }}
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

Provide feedback