fix: update Docker Scout image references and add wait step for image availability

2025-12-10 13:36:45 +03:00 · 2025-06-15 14:43:31 +05:30
parent 7f7e510400
commit 9e2285d614
1 changed files with 11 additions and 4 deletions
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -104,13 +104,20 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

+      # Wait for image to be available in registry
+      - name: Wait for image availability
+        if: github.event_name != 'pull_request'
+        run: |
+          echo "Waiting for image to be available in registry..."
+          sleep 5
+
      # Docker Scout comprehensive security analysis
      - name: Docker Scout - Vulnerability Analysis & Recommendations
        uses: docker/scout-action@v1
        if: github.event_name != 'pull_request'
        with:
          command: cves,recommendations
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
          sarif-file: scout-results.sarif
          summary: true
          exit-code: true
@@ -138,7 +145,7 @@ jobs:
        if: github.event_name == 'pull_request'
        with:
          command: compare
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
+          image: local://gitea-mirror:scan
          to: ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
          ignore-unchanged: true
          only-severities: critical,high
@@ -155,10 +162,10 @@ jobs:
      # Docker Scout policy evaluation
      - name: Docker Scout - Policy Evaluation
        uses: docker/scout-action@v1
-        if: always()
+        if: always() && github.event_name != 'pull_request'
        with:
          command: policy
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
          exit-code: false
          write-comment: true
          github-token: ${{ secrets.GITHUB_TOKEN }}