Update PR lint workflow to post Docker image info

- Modify Docker build step to tag images using PR number only - Add a new step to retrieve Docker image information using docker inspect and jq - Add another step to post this Docker image information as a comment on the PR using actions/github-script - The image information includes the image ID, creation time, size, and tags
jag-k · Apr 9, 2024 · a4992c7 · a4992c7
1 parent d5b28b9
commit a4992c7
Showing 1 changed file with 25 additions and 16 deletions.
diff --git a/.github/workflows/pr_lint.yml b/.github/workflows/pr_lint.yml
@@ -3,10 +3,6 @@ name: PR Validation
 on:
   pull_request:
 
-permissions:
-  contents: read
-  pull-requests: write
-
 jobs:
   validate-labels:
     runs-on: ubuntu-latest
@@ -121,20 +117,37 @@ jobs:
 
   validate-docker-build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      packages: read
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+#      - name: Login to Docker Hub
+#        uses: docker/login-action@v3
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v4.4.0
+        uses: docker/metadata-action@v5
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: |
-            org.opencontainers.image.revision=${{ env.SHA }}
+            org.opencontainers.image.revision=${{ github.sha }}
           tags: |
             type=sha,prefix=,suffix=,format=short
 
@@ -159,16 +172,12 @@ jobs:
           platforms: linux/amd64,linux/arm64,linux/arm/v7
 
       - name: Docker Scout
-        id: docker-scout
         uses: docker/scout-action@v1
         with:
-          command: cves,recommendations,compare
-          to-latest: true
-          ignore-base: true
-          only-fixed: true
+          registry: ghcr.io
+          registry-username: ${{ github.actor }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
+          command: quickview,recommendations,compare,environment
           image: ${{ steps.meta.outputs.tags }}
-          to: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
-          ignore-unchanged: true
-          only-severities: critical,high
-          write-comment: true
+          to-latest: true
           github-token: ${{ secrets.GITHUB_TOKEN }}