docker-flutter-sdk/.gitea/workflows/scout.yaml

name: Docker Scout Analysis

on:
  pull_request:
    branches: ["**"]

permissions:
  contents: read
  pull-requests: write

env:
  IMAGE_NAME: flutter-sdk

jobs:
  scout:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - dockerfile: Dockerfile
            variant: web
          - dockerfile: Dockerfile.android
            variant: android
          - dockerfile: Dockerfile.linux
            variant: linux
    steps:
      - name: Log in to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Check if latest image exists
        id: should_run
        run: |
          if docker manifest inspect ${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest > /dev/null 2>&1; then
            echo "run=true" >> $GITHUB_OUTPUT
            echo "${{ matrix.variant }}-latest found, Scout compare will run"
          else
            echo "run=false" >> $GITHUB_OUTPUT
            echo "No ${{ matrix.variant }}-latest found, skipping (nothing to compare against)"
          fi          

      - name: Checkout code
        if: steps.should_run.outputs.run == 'true'
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        if: steps.should_run.outputs.run == 'true'
        uses: docker/setup-buildx-action@v3

      - name: Build image
        if: steps.should_run.outputs.run == 'true'
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          platforms: linux/amd64
          push: false
          load: true
          tags: ${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-pr-${{ github.event.pull_request.number }}

      - name: Install Docker Scout
        if: steps.should_run.outputs.run == 'true'
        run: |
          curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
          sh install-scout.sh          

      - name: Docker Scout Compare
        if: steps.should_run.outputs.run == 'true'
        run: |
          docker scout compare ${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-pr-${{ github.event.pull_request.number }} --to ${{ vars.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest --ignore-unchanged --only-severity critical,high