test: update docker scout ci

Signed-off-by: Robert Waffen <rwaffen@gmail.com>
voxpupuli · Aug 30, 2024 · 3927816 · 3927816
1 parent e52c921
commit 3927816
Showing 1 changed file with 38 additions and 27 deletions.
diff --git a/.github/workflows/docker_scout.yml b/.github/workflows/docker_scout.yml
@@ -34,33 +34,44 @@ jobs:
  strategy:
  matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
  steps:
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: voxpupulibot
- password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Build local container
+ uses: docker/build-push-action@v6
+ with:
+ tags: 'ci/test:${{ matrix.puppet_release }}'
+ push: false
+ build-args: |
+ BASE_IMAGE=${{ matrix.base_image }}
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: voxpupulibot
+ password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
 
- - name: Analyze container image for CVEs
- id: analyze-image-cves
- uses: docker/scout-action@v1
- with:
- command: cves
- image: 'local://ci/test:${{ matrix.puppet_release }}'
- sarif-file: sarif.output.${{ matrix.puppet_release }}.${{ github.sha }}.json
- write-comment: false
+  - name: Analyze container image for CVEs
+  id: analyze-image-cves
+  uses: docker/scout-action@v1
+  with:
+  command: cves
+  image: 'local://ci/test:${{ matrix.puppet_release }}'
+  sarif-file: sarif.output.${{ matrix.puppet_release }}.${{ github.sha }}.json
+  write-comment: false
 
- - name: Compare container image to latest from Registry
- id: compare-image
- uses: docker/scout-action@v1
- with:
- command: compare
- image: 'local://ci/test:${{ matrix.puppet_release }}'
- to: 'ghcr.io/voxpupuli/test:${{ matrix.puppet_release }}-main'
- summary: true
- keep-previous-comments: true
+  - name: Compare container image to latest from Registry
+  id: compare-image
+  uses: docker/scout-action@v1
+  with:
+  command: compare
+  image: 'local://ci/test:${{ matrix.puppet_release }}'
+  to: 'ghcr.io/voxpupuli/test:${{ matrix.puppet_release }}-main'
+  summary: true
+  keep-previous-comments: true
 
- - name: Upload SARIF result
- id: upload-sarif
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: sarif.output.${{ matrix.puppet_release }}.${{ github.sha }}.json
+  - name: Upload SARIF result
+  id: upload-sarif
+  uses: github/codeql-action/upload-sarif@v3
+  with:
+  sarif_file: sarif.output.${{ matrix.puppet_release }}.${{ github.sha }}.json