diff --git a/.github/container_scan.yml b/.github/container_scan.yml new file mode 100644 index 0000000..8cd4f53 --- /dev/null +++ b/.github/container_scan.yml @@ -0,0 +1,43 @@ +name: Container scan on commit to master + +on: + push: + branches: + - master + +env: + USER: loganmarchione + REPO: docker-webdav-nginx + +jobs: + ubuntu_ci: + name: Build and scan + + runs-on: ubuntu-latest + + steps: + - name: Check out the codebase + uses: actions/checkout@v2 + + - name: Set variables + run: | + VER=$(cat VERSION) + echo "VERSION=$VER" >> $GITHUB_ENV + + - name: Build Docker Image + uses: docker/build-push-action@v2 + with: + push: false + context: . + file: Dockerfile + load: true + tags: | + ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} + ${{ env.USER }}/${{ env.REPO }}:latest + + - name: Container scan + uses: azure/container-scan@v0 + with: + image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} + severity-threshold: CRITICAL + run-quality-checks: true \ No newline at end of file