
add image scanning on pull_request #3

add image scanning on pull_request

add image scanning on pull_request #3

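# Build every Karmada image from the PR's sources and scan each one with Trivy.
# The scan is report-only: trivy is invoked without --exit-code, so findings are
# printed in the job log but never fail the check. Add `--exit-code 1` to the
# trivy command below if the scan should block merges.
name: image-scanning-on-pull-request
on:
  pull_request:
# Least privilege for GITHUB_TOKEN: the job only reads the checked-out tree and
# never pushes, comments or publishes, so nothing beyond contents:read is needed.
permissions:
  contents: read
jobs:
  use-trivy-to-scan-image:
    name: image scannning
    # Only run in the upstream repository. github.repository is the BASE
    # repository of the pull request, so this skips the workflow in forks of
    # karmada; PRs opened from forks against upstream still run here.
    if: ${{ github.repository == 'karmada-io/karmada' }}
    runs-on: ubuntu-22.04
    steps:
      - name: checkout code
        # NOTE(review): major-version tags are mutable; pinning these actions to
        # a full commit SHA (tag kept in a trailing comment) protects against
        # the tag being repointed.
        uses: actions/checkout@v3
        with:
          # Later steps only read the tree, so do not leave the token in .git/config.
          persist-credentials: false
      - name: install Go
        uses: actions/setup-go@v3
        with:
          # Quoted so no YAML parser can reinterpret the version as a number.
          go-version: "1.20.11"
      - name: Build images from Dockerfile
        run: |
          export VERSION="latest"
          export REGISTRY="docker.io/karmada"
          make images GOOS="linux" --directory=.
      - name: download Trivy vulnerability scanner
        # The installer script is fetched from the same release tag as the binary
        # it installs, not from the moving `main` branch, so the code piped into
        # `sh` here is pinned to v0.48.1 rather than to whatever `main` holds today.
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.48.1/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.1
      - name: Image scan
        run: |
          export VERSION="latest"
          export REGISTRY="docker.io/karmada"
          # Presumably the images produced by `make images` above -- verify this
          # list against the Makefile whenever an image is added or removed.
          images=(
            karmada-controller-manager
            karmada-scheduler
            karmada-descheduler
            karmada-webhook
            karmada-agent
            karmada-scheduler-estimator
            karmada-interpreter-webhook-example
            karmada-aggregated-apiserver
            karmada-search
            karmada-operator
            karmada-metrics-adapter
          )
          for image in "${images[@]}"
          do
            echo "========== Scan results of image $image =========="
            imageRef="$REGISTRY/$image:$VERSION"
            # --ignore-unfixed drops findings that have no fix available yet.
            # No --exit-code: report-only, the step succeeds regardless of findings.
            trivy image --format table --ignore-unfixed --vuln-type os,library -q --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL "$imageRef"
          done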