trying to make scout work

Author: shelajev

.github/workflows/dbc.yml

@@ -2,10 +2,17 @@ name: dbc
 
 on:
   workflow_run:
-    workflows: [Java CI with Maven]
+    workflows: [tests]
     types:
       - completed
 
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: docker.io
+  IMAGE_NAME: olegselajev241/todo-demo-application
+  SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
+
+
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -23,11 +30,26 @@ jobs:
           version: "lab:latest"
           driver: cloud
           endpoint: "docker/devrel"
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/[email protected]
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            org.opencontainers.image.revision=${{ env.SHA }}
+          tags: |
+            type=edge,branch=$repo.default_branch
+            type=semver,pattern=v{{version}}
+            type=sha,prefix=,suffix=,format=shorts
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
-          tags: "olegselajev241/todo-demo-application:latest"
+          tags: |
+           "latest"
+            ${{ steps.meta.outputs.tags }}
           # For pull requests, export results to the build cache.
           # Otherwise, push to a registry.
           outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry,push=true' }}

.github/workflows/google-cloudrun-docker.yml

@@ -3,7 +3,7 @@ name: 'Deploy to Cloud Run'
 
 on:
   workflow_run:
-    workflows: [dbc]
+    workflows: [scout]
     types:
       - completed
 

.github/workflows/maven.yml

@@ -6,7 +6,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Java CI with Maven
+name: tests
 
 on:
   push:

.github/workflows/scout.yml

@@ -0,0 +1,56 @@
+name: Docker
+
+on:
+  workflow_run:
+    workflows: [dbc]
+    types:
+      - completed
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: docker.io
+  IMAGE_NAME: olegselajev241/todo-demo-application
+  SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
+  # Use `latest` as the tag to compare to if empty, assuming that it's already pushed
+  COMPARE_TAG: latest
+
+jobs:
+  scout:
+    runs-on: ubuntu-latest
+
+    steps:
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/[email protected]
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            org.opencontainers.image.revision=${{ env.SHA }}
+          tags: |
+            type=edge,branch=$repo.default_branch
+            type=semver,pattern=v{{version}}
+            type=sha,prefix=,suffix=,format=shorts
+
+      - name: Docker Scout
+        id: docker-scout
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          image: ${{ steps.meta.outputs.tags }}
+          to: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
+          ignore-unchanged: true
+          only-severities: critical,high
+          write-comment: false