fix

swagger-main/swagger-editor/.github/workflows/docker-build-push.yml

@@ -0,0 +1,74 @@
+# inspired by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+name: Build & Push SwaggerEditor@next Docker image
+
+on:
+  workflow_run:
+    workflows: ["Release SwaggerEditor@next"]
+    types:
+      - completed
+    branches: [next]
+
+jobs:
+
+  build-push:
+    if: github.event.workflow_run.conclusion == 'success'
+    name: Build & Push SwaggerEditor@next Docker image
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: next
+
+      - name: Download build artifact
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            const matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "build"
+            })[0];
+            const download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            const fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
+      - run: |
+          mkdir build
+          unzip build.zip -d build
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
+
+      - name: Build docker image and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/386,linux/ppc64le,linux/s390x
+          tags: swaggerapi/swagger-editor:next-v5
+
+      - name: Build unprivileged docker image and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: Dockerfile.unprivileged
+          push: true
+          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/386,linux/ppc64le,linux/s390x
+          tags: swaggerapi/swagger-editor:next-v5-unprivileged