diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..c3c2771
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,47 @@
+name: Docker Image Build and Analysis
+
+on:
+  schedule:
+    - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
+  workflow_dispatch: # Manual run trigger
+    inputs:
+      trigger-build:
+        description: 'Trigger a manual build and push'
+        default: 'true'
+
+jobs:
+  build-and-analyze:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build Docker image
+        id: build-image
+        run: |
+          docker build -t my-app-image:latest .
+
+      - name: Install Docker Scout
+        run: |
+          curl -fsSL https://get.docker.com/scout/install.sh | sh
+
+      - name: Analyze Docker image with Docker Scout
+        id: analyze-image
+        run: |
+          docker scout cves --format json my-app-image:latest > scout-results.json
+
+      - name: Upload Scout results
+        uses: actions/upload-artifact@v3
+        with:
+          name: scout-results
+          path: scout-results.json
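Review bot: The "Install Docker Scout" step pipes an unpinned remote script straight into `sh` on a runner that has just been logged into Docker Hub with `secrets.DOCKER_PASSWORD`, so whatever that URL serves on a given night runs with the registry credentials in scope; since no step pushes anything, the "Login to Docker Hub" step can be dropped entirely, and the install should come from a pinned action (`uses: docker/scout-action@<pinned ref>`) or a checksum-verified download rather than `curl ... | sh`. The remaining `uses:` references are pinned only to floating major tags (`actions/checkout@v3`, `docker/login-action@v2`, `actions/upload-artifact@v3`); pin them to full commit SHAs so a compromised tag cannot change what runs. The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` gets the repository default; add `permissions:` with `contents: read` at the top level. The scan itself never fails the job — `docker scout cves --format json ...` only writes a file — so findings are recorded but never gate anything; adding `--exit-code` (optionally with `--only-severity critical,high`) turns the analysis into a check. The `trigger-build` input is declared but never read by any step, and its `default: 'true'` is a string, not a boolean; either consume it or remove it.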