feat: test docker container on pull request

[bernacodesido]

Test docker container on pull request using example config which was also updated.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	11bd71901bbe5b1630ceea73d27597364c9af683	🟢 5.3	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected

Scanned Files

• .github/workflows/docker.yml

[Copilot]

Pull Request Overview

Adds Slack credentials and example address/signers to the sample config, and introduces a GitHub Actions workflow to build and smoke–test the Docker container on PRs.

• Expanded config.example.yaml with Slack tokens, channel IDs, and extra safe addresses/signers.
• Added .github/workflows/docker.yml to validate Docker build and container startup logs.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
config.example.yaml	Updated example config with Slack settings and extra entries for safeAddresses and signers
.github/workflows/docker.yml	New workflow to build the Docker image and verify healthcheck log output

Comments suppressed due to low confidence (2)

config.example.yaml:8

• [nitpick] The signer value "Alice" uses title case, while existing entries use lowercase (e.g. "alice"). Consider normalizing casing to maintain consistency.

  "0x1234567890123456789012345678901234567890": "Alice"

config.example.yaml:6

• The YAML mapping here is invalid: you have a scalar list entry with a colon inside quotes and no proper mapping structure. Consider using a mapping under safeAddresses instead of a quoted string.

- "rsk:0x0000000000000000000000000000000000000001": "Safe 1"

[Copilot]

Use placeholder syntax (e.g. <SLACK_BOT_TOKEN>) instead of a realistic-looking token to avoid confusion and accidental leaks.

Suggested change

	slackBotToken: "xoxb-1234567890-1234567890-1234567890"
	slackBotToken: "<SLACK_BOT_TOKEN>"

[Copilot]

Pinning to a specific commit SHA can make upgrades harder; consider using the version tag (e.g. actions/checkout@v4) for clearer maintenance.

Suggested change

	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
	uses: actions/checkout@v4.2.2

[Copilot]

Add the --rm flag to docker run to automatically clean up the container after stopping, avoiding leftover containers on the runner.

Suggested change

	container_id=$(docker run -d --name safe-watcher-container -v $(pwd)/config.example.yaml:/app/config.yaml safe-watcher:latest)
	container_id=$(docker run -d --rm --name safe-watcher-container -v $(pwd)/config.example.yaml:/app/config.yaml safe-watcher:latest)

[Copilot]

This loop polls without delay and may spin CPU. Insert a sleep 1 (or appropriate interval) inside the loop to avoid busy–waiting.