---
name: Container Security Scan with Trivy
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  scan-container:
    name: Build
    runs-on: ubuntu-18.04
    steps:
      ######################
      # Checkout code base #
      ######################
      - name: Checkout code
        uses: actions/checkout@v2

      # ##########################
      # # Build the docker image #
      # ##########################
      # - name: Build an image from Dockerfile
      #   run: |
      #     docker build -t docker.io/github/super-linter:${{ github.sha }} .

      ###########################################
      # Download and install Trivy and template #
      ###########################################
      - name: Download and Install Trivy
        shell: bash
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b ${GITHUB_WORKSPACE}
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/sarif.tpl -o sarif.tpl

      #################################
      # Run Trivy Scan of source code #
      #################################
      - name: Trivy Scan
        shell: bash
        run: ./.automation/trivy-security-scan.sh

      ################################
      # Upload report to secrity tab #
      ################################
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'report.sarif'