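---
# Builds each SDK image for a pull request and runs `docker scout compare`
# against the registry's current `:latest` tag, reporting newly introduced
# critical/high findings. Everything after the manifest check is skipped for
# an image that has no `:latest` yet, because there is nothing to compare to.
name: Docker Scout Analysis

# yamllint disable-line rule:truthy
on:
  pull_request:
    branches: ["**"]

# NOTE(review): no step below writes to the pull request (the Scout CLI only
# prints to the job log), so `pull-requests: write` looks unused. Consider
# narrowing to `contents: read` alone; confirm nothing else relies on it first.
permissions:
  contents: read
  pull-requests: write

jobs:
  scout:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # One entry per Dockerfile/image pair; `image_name` is the repository
        # under `vars.REGISTRY` that both the PR tag and `:latest` live in.
        include:
          - dockerfile: Dockerfile
            image_name: gpb-flutter-sdk-web
          - dockerfile: Dockerfile.android
            image_name: gpb-flutter-sdk-android
          - dockerfile: Dockerfile.linux
            image_name: gpb-flutter-sdk-linux

    steps:
      # NOTE(review): `secrets.*` are not populated for pull_request events
      # from forks, so this login — and with it the whole job — fails for
      # fork PRs. Gate the job on same-repo PRs if that is not intended.
      - name: Log in to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Gate: only compare when `:latest` of this image is already published.
      # `matrix.image_name` is a literal from this file, not PR-controlled
      # input, so interpolating it into the shell here is not an injection risk.
      # `$GITHUB_OUTPUT` is quoted so a path containing spaces cannot split.
      - name: Check if latest image exists
        id: should_run
        run: |
          if docker manifest inspect ${{ vars.REGISTRY }}/${{ matrix.image_name }}:latest > /dev/null 2>&1; then
            echo "run=true" >> "$GITHUB_OUTPUT"
            echo "Latest ${{ matrix.image_name }} found, Scout compare will run"
          else
            echo "run=false" >> "$GITHUB_OUTPUT"
            echo "No latest ${{ matrix.image_name }} found, skipping (nothing to compare against)"
          fi

      - name: Checkout code
        if: steps.should_run.outputs.run == 'true'
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        if: steps.should_run.outputs.run == 'true'
        uses: docker/setup-buildx-action@v3

      # The PR image is built and loaded into the local daemon only
      # (`push: false`); the `pr-<number>` tag never reaches the registry.
      - name: Build image
        if: steps.should_run.outputs.run == 'true'
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          platforms: linux/amd64
          push: false
          load: true
          tags: ${{ vars.REGISTRY }}/${{ matrix.image_name }}:pr-${{ github.event.pull_request.number }}

      # NOTE(review): this downloads an unpinned installer from the upstream
      # `main` branch and executes it, so any change upstream runs in this job
      # with the registry credentials already in the daemon's config. Pin the
      # script to a release commit and verify a checksum, or use the
      # docker/scout-action action instead.
      - name: Install Docker Scout
        if: steps.should_run.outputs.run == 'true'
        run: |
          curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
          sh install-scout.sh

      # Reports critical/high findings that differ between the PR image and
      # `:latest`. NOTE(review): without `--exit-code` this step is
      # report-only — the job still succeeds when the PR introduces new
      # critical/high CVEs. Add `--exit-code` if the check is meant to block
      # merges.
      - name: Docker Scout Compare
        if: steps.should_run.outputs.run == 'true'
        run: |
          docker scout compare ${{ vars.REGISTRY }}/${{ matrix.image_name }}:pr-${{ github.event.pull_request.number }} --to ${{ vars.REGISTRY }}/${{ matrix.image_name }}:latest --ignore-unchanged --only-severity critical,high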