From 6805e16ed77886b654da8407a0e5d4cbc67d30a1 Mon Sep 17 00:00:00 2001
From: Logan Marchione <logan@loganmarchione.com>
Date: Sat, 2 Apr 2022 16:14:14 -0400
Subject: [PATCH] Add container scan workflow

---
 .github/container_scan.yml | 43 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 .github/container_scan.yml

diff --git a/.github/container_scan.yml b/.github/container_scan.yml
new file mode 100644
index 0000000..8cd4f53
--- /dev/null
+++ b/.github/container_scan.yml
@@ -0,0 +1,43 @@
+name: Container scan on commit to master
+
+on:
+  push:
+    branches:
+      - master
+
+env:
+  USER: loganmarchione
+  REPO: docker-webdav-nginx
+
+jobs:
+  ubuntu_ci:
+    name: Build and scan
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out the codebase
+      uses: actions/checkout@v2
+
+    - name: Set variables
+      run: |
+        VER=$(cat VERSION)
+        echo "VERSION=$VER" >> $GITHUB_ENV
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v2
+      with:
+        push: false
+        context: .
+        file: Dockerfile
+        load: true
+        tags: |
+          ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
+          ${{ env.USER }}/${{ env.REPO }}:latest
+
+    - name: Container scan
+      uses: azure/container-scan@v0
+      with:
+        image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
+        severity-threshold: CRITICAL
+        run-quality-checks: true
\ No newline at end of file