Fix scan image

Signed-off-by: mjanez <96422458+mjanez@users.noreply.github.com>
mjanez · Sep 14, 2023 · 607a8e3 · 607a8e3
1 parent 4232b4f
commit 607a8e3
Showing 1 changed file with 10 additions and 32 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -14,6 +14,8 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  CONTEXT: .
+  DOCKERFILE: ./ckan-pycsw/Dockerfile
 
 jobs:
   docker:
@@ -49,37 +51,13 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          context: .
-          file: ./ckan-pycsw/Dockerfile
+          context: ${{ env.CONTEXT }}
+          file: ${{ env.DOCKERFILE }}
 
-  scan_docker_image:
-    permissions:
-      id-token: read
-      contents: read
-      packages: read
-    runs-on: ubuntu-latest
-    needs: [ docker ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Scan Docker image
-        uses: snyk/actions/docker@master
-        continue-on-error: true
-        with:
-          image: ${{ env.REGISTRY }}/${{ github.repository }}
-          args: --file=./ckan-pycsw/Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-      - name: Upload Snyk report
-        uses: github/codeql-action/upload-sarif@v2
+      - 
+        name: Scan image
+        uses: ISID/build-and-scan-image@main
         with:
-          sarif_file: snyk.sarif
+          tag: ${{ env.IMAGE_NAME }}
+          path: ${{ env.CONTEXT }}
+          dockerfile: ${{ env.DOCKERFILE }}