pomverte is building bats #16

	---
	name: Build bats docker image
	run-name: ${{ github.actor }} is building bats

	on:
	pull_request:
	branches: [ "main" ]
	paths:
	- 'bats/**'

	env:
	REGISTRY: ghcr.io
	IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4.1.1

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@v3.0.0
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v5.1.0
	with:
	context: bats
	push: true
	tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}

	scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	needs: build
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	env:
	TRIVY_USERNAME: ${{ github.actor }}
	TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

	check:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4.1.1
	- uses: docker/login-action@v3.0.0
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Dockerfile linting
	uses: hadolint/hadolint-action@v3.1.0
	with:
	dockerfile: bats/Dockerfile
	ignore: DL3018

Provide feedback