name: Docker Image Build and Analysis on: schedule: - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed. workflow_dispatch: # Manual run trigger inputs: trigger-build: description: 'Trigger a manual build and push' default: 'true' jobs: build-and-analyze: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3 - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build Docker image id: build-image run: | echo "Building Docker image..." docker build -t my-app-image:latest . echo "Docker image built successfully." - name: Install Docker Scout run: | echo "Installing Docker Scout..." curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- echo "Docker Scout installed successfully." - name: Analyze Docker image with Docker Scout id: analyze-image run: | echo "Analyzing Docker image with Docker Scout..." docker scout cves my-app-image:latest > scout-results.txt cat scout-results.txt # Print the report to the workflow logs for easy viewing echo "Docker Scout analysis completed." - name: Post Comment on Issue or PR run: | COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`" # Post comment using GitHub API curl -X POST \ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Accept: application/vnd.github.v3+json" \ -d "{\"body\": \"$COMMENT\"}" \ "https://api.github.com/repos/${{ github.repository }}/issues/1/comments" # Replace '1' with the issue or PR number