From 4dd873d0cacf4cb0beab4cf42476420c1545f71e Mon Sep 17 00:00:00 2001
From: Guy Korland
Date: Fri, 24 Jan 2025 08:23:55 +0200
Subject: [PATCH] Add security check before docker publish

Fix #624
---
 .github/workflows/release-image.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml
index cb317100..6a97faca 100644
--- a/.github/workflows/release-image.yml
+++ b/.github/workflows/release-image.yml
@@ -33,5 +33,20 @@ jobs:
 with:
 context: .
 file: ./Dockerfile
+ push: false
+ tags: ${{ env.TAGS }}
+
+ - name: Scan image for vulnerabilities
+ uses: aquasecurity/trivy-action@0.29.0
+ with:
+ image-ref: ${{ env.TAGS }}
+ format: 'table'
+ exit-code: '1'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
 push: true
 tags: ${{ env.TAGS }}
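Review bot: Trivy is likely not scanning the image that gets published: the first build step sets `push: false` but not `load: true`, and unless the buildx setup outside this hunk uses the plain docker driver, the built image stays in the builder cache rather than the local daemon, so `image-ref: ${{ env.TAGS }}` either fails to resolve or, if a tag of that name already exists in the registry, pulls and scans the previously published image instead of the new one. Add `load: true` beside `push: false` so the scan step sees the freshly built image. `image-ref` takes a single reference, and `env.TAGS` is defined outside the hunk; if it holds several comma- or newline-separated tags, pass one of them here. The "Push image" step rebuilds rather than pushing the artifact that was scanned; layer cache normally makes this the same image, but a cache miss (for example a re-resolved `FROM` tag) would publish an unscanned build, so consider pushing the loaded image directly or scanning an exported tarball (`outputs: type=docker,dest=image.tar` with Trivy's `input: image.tar`) and pushing that. Pinning `aquasecurity/trivy-action` and `docker/build-push-action` to commit SHAs rather than `@0.29.0`/`@v5` would also keep the scanner itself from being a mutable supply-chain input on the release path.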