scout-cron.yml

name: Scout Images

on:
    schedule:
      - cron: '10 9 * * 1'   # 9:10 on Monday

jobs:
  releases:
    runs-on: ubuntu-latest
    outputs:
      releases: ${{ steps.releases.outputs.releases }}
    steps:
    - name: List last releases
      id: releases
      run: echo "releases:$(gh release list -L 3 --json tagName -q '[ .[].tagName ]')"  >> "$GITHUB_OUTPUT"

  scout:
    runs-on: ubuntu-latest
    needs: releases
    strategy:
      fail-fast: false
      matrix:
        image:
          - dockerhubaneo/armonik_pollingagent
          - dockerhubaneo/armonik_control_metrics
          - dockerhubaneo/armonik_control_partition_metrics
          - dockerhubaneo/armonik_control
          - dockerhubaneo/armonik_core_stream_test_worker
          - dockerhubaneo/armonik_core_stream_test_client
          - dockerhubaneo/armonik_core_htcmock_test_worker
          - dockerhubaneo/armonik_core_htcmock_test_client
          - dockerhubaneo/armonik_core_bench_test_worker
          - dockerhubaneo/armonik_core_bench_test_client
        version: ${{ fromJSON(needs.releases.outputs.releases) }}
    steps:
    - name: Login to Docker Hub
      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
      with:
        username: ${{ secrets.DOCKER_HUB_LOGIN }}
        password: ${{ secrets.DOCKER_HUB_TOKEN }}
    - name: Analyze for critical and high CVEs
      uses: docker/scout-action@cc6bf8dd03587425ef920278b3e2726ba8d791e8 # v1
      with:
        command: cves
        image: "${{ matrix.image }}:${{ matrix.image }}"
        sarif-file: "${{ matrix.image }}_${{ matrix.image }}.sarif.json"
        summary: true
        platform: linux/arm64,linux/amd64,windows/amd64
    - name: print sarif file
      run: cat "${{ matrix.image }}_${{ matrix.image }}.sarif.json"