try to fix Docker Scout workflow

scrayosnet · Feb 5, 2024 · b48f673 · b48f673
1 parent fcb14b0
commit b48f673
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -32,14 +32,14 @@ jobs:
       uses: docker/setup-buildx-action@v3
 
     - name: Login into Docker Hub
-      if: github.event_name != 'pull_request'
+      if: ${{ github.event_name != 'pull_request' }}
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
     - name: Login into GitHub Container Registry
-      if: github.event_name != 'pull_request'
+      if: ${{ github.event_name != 'pull_request' }}
       uses: docker/login-action@v3
       with:
         registry: ${{ env.REGISTRY }}
@@ -65,19 +65,25 @@ jobs:
         cache-from: type=gha
         cache-to: type=gha,mode=max
 
+    # https://github.com/docker/scout-action/issues/16
+    - name: Workaround Docker Scout Bug
+      id: meta-workaround
+      run: echo "tag=$(echo ${{ steps.meta.outputs.tags }} | head -1)" >> $GITHUB_OUTPUT
+
     - name: Scan vulnerabilities with Docker Scout
       id: docker-scout
-      if: github.event_name != 'pull_request_target'
+      if: ${{ github.event_name != 'pull_request_target' }}
       uses: docker/scout-action@v1
       with:
         command: cves
+        image: ${{ steps.meta-workaround.outputs.tag }}
         sarif-file: sarif.output.json
         exit-code: true
         summary: true
 
     - name: Upload SARIF result
       id: upload-sarif
-      if: github.event_name != 'pull_request_target'
+      if: ${{ github.event_name != 'pull_request_target' }}
       uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: sarif.output.json