feat(): execute Docker Scout against tags yielded by metadata step

e7d · Apr 5, 2024 · 30cb095 · 30cb095
1 parent 78860f1
commit 30cb095
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -40,11 +40,11 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Extract Docker metadata
-        id: meta
+        id: meta-ghcr
         uses: docker/metadata-action@v5
         with:
+          # ${{ vars.DOCKERHUB_IMAGE }}
           images: |
-            ${{ vars.DOCKERHUB_IMAGE }}
             ${{ vars.GHCR_IMAGE }}
           labels: |
             org.opencontainers.image.title=docker-diskmark
@@ -64,24 +64,24 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta-ghcr.outputs.tags }}
+          labels: ${{ steps.meta-ghcr.outputs.labels }}
       - name: Docker Scout
         id: docker-scout
         if: ${{ github.event_name == 'pull_request' }}
         uses: docker/scout-action@v1
         with:
           command: cves,recommendations,compare
-          image: ${{ vars.DOCKERHUB_IMAGE }}:${{ env.SHA }}
-          to: ${{ vars.DOCKERHUB_IMAGE }}:latest
+          image: ${{ steps.meta-ghcr.outputs.tags }}
+          to: ${{ vars.GHCR_IMAGE }}:latest
           ignore-base: true
           ignore-unchanged: true
           only-fixed: true
           # only-severities: critical,high
           write-comment: true
           github-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Update repo description
-        if: github.ref == 'refs/heads/main'
+        if: ${{ github.ref == 'refs/heads/main' }}
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}