Skip to content

Feature/integrate docker scout with git hub actions #27

Feature/integrate docker scout with git hub actions

Feature/integrate docker scout with git hub actions #27

Workflow file for this run

name: Vulnerability Comparison
on:
pull_request:
branches: ["**"]
env:
# Image repository, without hostname and tag
IMAGE_NAME: ${{ github.repository }}
SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
jobs:
build-and-release:
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ env.SHA }}
- name: Set short SHA
id: vars
run: echo "SHA_SHORT=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v5
with:
context: .
load: ${{ github.event_name == 'pull_request' }}
tags: "ghcr.io/${{ env.IMAGE_NAME }}:${{ env.SHA_SHORT }}"
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Authenticate to Docker
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PAT }}
- name: Docker Scout
id: docker-scout
uses: docker/scout-action@v1
with:
command: compare
image: "gatewaydio/gatewayd:latest"
to: "ghcr.io/${{ env.IMAGE_NAME }}:${{ env.SHA_SHORT }}"
ignore-unchanged: true
only-severities: critical,high
github-token: ${{ secrets.GITHUB_TOKEN }}