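---
# Builds the Docker image from the repository's Dockerfile on every push to
# master and scans the locally loaded image with azure/container-scan.
# The image is never pushed (push: false); it is only loaded into the runner's
# Docker daemon (load: true) so the scan step can find it by tag.
#
# NOTE(review): there is no `permissions:` block, so the job runs with the
# repository's default GITHUB_TOKEN scope. Consider declaring least privilege
# (contents: read plus whatever the scan action needs to publish its results).
# Confirm the required scopes against the action's documentation first.
#
# NOTE(review): all three actions are referenced by mutable tags (@v2, @v0).
# A moved tag changes what runs here without any change to this file; pinning
# each `uses:` to a full commit SHA (uses: owner/action@<full-commit-sha>)
# removes that supply-chain exposure.
name: Container scan on commit to master

on:
  push:
    branches:
      - master

env:
  # NOTE(review): a workflow-level USER also overrides the shell's own $USER
  # in every `run:` step; harmless here, but worth knowing before adding steps.
  USER: loganmarchione
  REPO: docker-webdav-nginx

jobs:
  ubuntu_ci:
    name: Build and scan
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v2

      - name: Set variables
        # Exports the image version from the VERSION file for later steps.
        # Only the first line is used: every line written to the env file
        # becomes a variable definition, so a multi-line VERSION would
        # otherwise be able to define extra variables for the rest of the job.
        run: |
          VER="$(head -n 1 VERSION)"
          echo "VERSION=$VER" >> "$GITHUB_ENV"

      - name: Build Docker Image
        uses: docker/build-push-action@v2
        with:
          push: false
          context: .
          file: Dockerfile
          load: true
          tags: |
            ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
            ${{ env.USER }}/${{ env.REPO }}:latest

      - name: Container scan
        uses: azure/container-scan@v0
        with:
          # Scans the versioned tag built above (same image as :latest).
          image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
          # NOTE(review): presumably only CRITICAL findings are reported at
          # this threshold, so HIGH and below would pass unnoticed. Confirm
          # this is the intended gate.
          severity-threshold: CRITICAL
          run-quality-checks: true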