Adservice CI #2

	name: Frontend CI Pipeline

	on:
	push:
	branches: [ main ]
	paths:
	- 'src/adservice/**'
	workflow_dispatch:

	permissions:
	actions: read
	security-events: write
	env:
	DOCKERHUB_ID: maestrops

	jobs:
	Adservice-CI:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set environment variables
	run: \|
	COMMIT_SHA=$(git rev-parse --short HEAD)
	echo "APP_NAME=adservice" >> $GITHUB_ENV
	echo "IMAGE_NAME=${{ env.DOCKERHUB_ID }}/${{ env.APP_NAME }}" >> $GITHUB_ENV
	echo "IMAGE_TAG_1=latest" >> $GITHUB_ENV
	echo "IMAGE_TAG_2=${{ github.run_number }}-$COMMIT_SHA" >> $GITHUB_ENV

	- name: Build Docker Image
	working-directory: src/adservice
	run: \|
	docker build -t ${{ env.IMAGE_NAME }} .
	docker tag ${{ env.IMAGE_NAME }} ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_2 }}
	# docker tag ${{ env.IMAGE_NAME }} ${{ env.DOCKERHUB_ID }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_1 }}

	- name: Run Trivy Scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.IMAGE_NAME }}
	format: 'sarif'
	output: '${{ env.APP_NAME }}.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: '${{ env.APP_NAME }}.sarif'

	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ env.DOCKERHUB_ID }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Push Docker Images
	run: \|
	docker push ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_1 }}
	docker push ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_2 }}

Provide feedback