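---
# Runs Docker Scout `compare` on every pull request: builds the PR image for
# linux/amd64 (local load only, never pushed) and diffs its critical/high
# findings against the already-published :latest image.
# The compare job is skipped when no :latest baseline exists in the registry.
name: Docker Scout Analysis

on:
  pull_request:
    branches: ["**"]

# contents:read is all that checkout + build need. pull-requests:write is
# granted but none of the steps below comments on the PR or passes a token to
# Scout; keep it only if PR-comment output is added later.
permissions:
  contents: read
  pull-requests: write

env:
  IMAGE_NAME: gpb-flutter-sdk-web

jobs:
  # Probes the registry for :latest so the compare job has a baseline.
  check-image:
    runs-on: ubuntu-latest
    outputs:
      image_exists: ${{ steps.check.outputs.exists }}
    steps:
      - name: Log in to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_SVRNTY_USERNAME }}
          password: ${{ secrets.DOCKERHUB_SVRNTY_ACCESS_TOKEN }}

      # Any failure of `manifest inspect` (missing tag, auth error, empty
      # vars.REGISTRY) is treated as "no baseline". stderr is discarded, so
      # only the echoed log line distinguishes the two outcomes.
      - name: Check if latest image exists
        id: check
        run: |
          if docker manifest inspect "${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" > /dev/null 2>&1; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
            echo "Latest image found, Scout compare will run"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "No latest image found, skipping Scout compare (nothing to compare against)"
          fi

  # Builds the PR image into the runner's local daemon and compares it with
  # :latest. Only runs when check-image found a baseline.
  scout-amd64:
    runs-on: ubuntu-latest
    needs: check-image
    if: needs.check-image.outputs.image_exists == 'true'
    steps:
      # v3 is a Node 16 action; actions/checkout@v4 is the current major.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_SVRNTY_USERNAME }}
          password: ${{ secrets.DOCKERHUB_SVRNTY_ACCESS_TOKEN }}

      # push: false + load: true keeps the image local so `docker scout` can
      # read it without publishing a pr-* tag to the registry.
      - name: Build amd64 image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64
          push: false
          load: true
          tags: ${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}-amd64

      # Supply-chain caveat: the installer is fetched from the tip of the
      # scout-cli `main` branch with no version pin or checksum, so each run
      # executes whatever that script currently contains.
      - name: Install Docker Scout
        run: |
          curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
          sh install-scout.sh

      # Report-only: without `--exit-code` this step succeeds whatever the
      # findings are, so the workflow does not block a merge on new CVEs.
      - name: Docker Scout Compare (amd64)
        run: |
          docker scout compare "${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}-amd64" \
            --to "${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" \
            --ignore-unchanged \
            --only-severity critical,high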