diff --git a/.github/workflows/docker_scout.yaml b/.github/workflows/docker_scout.yaml index 7707c13f..55d87f40 100644 --- a/.github/workflows/docker_scout.yaml +++ b/.github/workflows/docker_scout.yaml @@ -5,6 +5,13 @@ on: branches: - "feature/integrate_docker_scout_with_gitHub_actions" tags: ["*"] + pull_request: + branches: ["**"] + +env: + # Image repository, without hostname and tag + IMAGE_NAME: ${{ github.repository }} + SHA: ${{ github.event.pull_request.head.sha || github.event.after }} permissions: contents: write 
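Review bot: The new `pull_request` trigger on `branches: ["**"]` runs this job under the `contents: write` permission kept as context at the end of this hunk, although the release steps that needed it are removed in the next hunk. A build-and-scan job can run with `contents: read`, plus `pull-requests: write` if Scout is meant to comment on the pull request; the rest of the `permissions` block is outside the hunk, so check what else it grants. Pull requests from forks do not receive `secrets.DOCKER_USER` or `secrets.DOCKER_PAT`, so the login step added in the next hunk will fail for them unless it is guarded, for example with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`.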
@@ -19,40 +26,32 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 with:
- fetch-depth: 0
- - name: Set up Go 1.22
- uses: actions/setup-go@v5
- with:
- go-version: "1.22"
- cache: true
- - name: Install nfpm for building Linux packages
- run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- - name: Build and release binaries
- run: make build-release
- - name: Build and release Linux packages
- run: make build-linux-packages
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ ref: ${{ env.SHA }}
+ - name: Set short SHA
+ id: vars
+ run: echo "SHA_SHORT=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- - name: Sign in to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Extract metadata
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- gatewaydio/gatewayd
- ghcr.io/gatewayd-io/gatewayd
 - name: Build and push Docker image
 id: build-and-push
 uses: docker/build-push-action@v5
 with:
 context: .
- sbom: true
- provenance: mode=max
- tags: "ghcr.io/sinadarbouy/gatewayd:test"
+ load: true
+ tags: "ghcr.io/${{ env.IMAGE_NAME }}:$SHA_SHORT"
+ - name: Authenticate to Docker
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USER }}
+ password: ${{ secrets.DOCKER_PAT }}
+ - name: Docker Scout
+ id: docker-scout
+ # if: ${{ github.event_name == 'pull_request' }}
+ uses: docker/scout-action@v1
+ with:
+ command: compare
+ image: "gatewaydio/gatewayd:latest"
+ to: "ghcr.io/sinadarbouy/gatewayd:test"
+ ignore-unchanged: true
+ only-severities: critical,high
+ github-token: ${{ secrets.GITHUB_TOKEN }}
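Review bot: The Docker Scout step never looks at the image this job builds: `image` is `gatewaydio/gatewayd:latest` and `to` is the fixed `ghcr.io/sinadarbouy/gatewayd:test`, so a vulnerable dependency introduced by the pull request would not show up in the comparison. The build tag also cannot work as written, because `$SHA_SHORT` is shell syntax and is passed literally inside `with:`; use `tags: "ghcr.io/${{ env.IMAGE_NAME }}:${{ env.SHA_SHORT }}"`, give Scout that same reference as `image`, and keep the published release image as `to`. `SHA_SHORT` is cut from `$GITHUB_SHA`, which on `pull_request` is the merge commit rather than the `env.SHA` that was checked out, so derive it from `env.SHA` instead. `github.repository` may contain upper-case characters, which image references do not allow, so lower-case `IMAGE_NAME` before it is used in a tag. The steps that receive `DOCKER_PAT` and `GITHUB_TOKEN` are referenced by mutable tags (`@v3`, `@v1`); pinning them to a full commit SHA would keep a retagged release from running with those credentials.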