fix #2

	name: Build
	on:
	push:


	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ghcr.io/${{ github.repository }}
	IMAGE_TAG: ${{ github.ref == 'refs/heads/master' && 'prod-' \|\| 'dev-' }}${{ github.sha }}


	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Setup Docker buildx
	uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push
	uses: docker/build-push-action@v4
	with:
	push: true
	tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}

	scan:
	permissions:
	contents: read
	packages: read
	runs-on: ubuntu-latest
	needs: [ build ]
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Scan Docker image
	uses: snyk/actions/docker@master
	continue-on-error: true
	with:
	image: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
	args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Snyk report as sarif
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: snyk.sarif

Provide feedback