
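# Builds the review-api container image once the Python-Build workflow has
# completed successfully, scans the image with Dockle and Trivy, and pushes it
# to Azure Container Registry (ACR).
name: Docker-Build

on:
  workflow_run:
    workflows:
      - Python-Build
    types:
      - completed

# Least privilege for GITHUB_TOKEN: checkout only needs read access, and the
# registry login uses dedicated secrets rather than the workflow token.
permissions:
  contents: read

jobs:
  docker-build:
    runs-on: ubuntu-latest
    # Only build when the upstream Python-Build run actually succeeded.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    env:
      # Single source of truth for the image reference used by every step
      # below (build, Dockle, Trivy, push), so the steps cannot drift apart.
      # NOTE(review): under a workflow_run trigger, github.sha is the head of
      # the default branch, not necessarily the commit Python-Build tested;
      # if the tested commit is wanted, use
      # github.event.workflow_run.head_sha here and as `ref:` for checkout —
      # confirm which is intended.
      IMAGE: ${{ secrets.DOCKER_USER }}.azurecr.io/review-api:${{ github.sha }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: docker login
        uses: docker/login-action@v2
        with:
          # NOTE(review): the login registry is derived from CONTAINER_REG,
          # while the image reference (IMAGE above) uses DOCKER_USER as the
          # ACR host. The push will fail to authenticate unless both secrets
          # hold the same registry name — confirm and consolidate on one.
          registry: ${{ secrets.CONTAINER_REG }}.azurecr.io
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # - name: Set up Docker buildx
      #   uses: docker/setup-buildx-action@v2
      # - name: Build and push
      #   uses: docker/build-push-action@v4
      #   with:
      #     context: .
      #     file: ./Dockerfile
      #     push: false
      #     tags: ${{ secrets.DOCKER_USER }}.azurecr.io/review-api:${{ github.sha }}

      - name: Build an image from Dockerfile
        run: |
          docker build -t "$IMAGE" .

      - name: Run Dockle
        uses: erzz/dockle-action@v1
        with:
          image: ${{ env.IMAGE }}
          # '0' makes this scan report-only: findings never block the push
          # below. Set to '1' to gate the push on Dockle findings.
          exit-code: '0'

      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a mutable ref, so any upstream change
        # (breaking or malicious) lands in this pipeline immediately; pin to
        # a release tag or a commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGE }}
          format: 'table'
          # '0' makes this scan report-only even for CRITICAL/HIGH findings;
          # set to '1' to fail the job (and skip the push) on such findings.
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

      # - name: Build and push
      #   uses: docker/build-push-action@v4
      #   with:
      #     context: ./Dockerfile
      #     push: true
      #     tags: ${{ secrets.DOCKER_USER }}.azurecr.io/review-api:${{ github.sha }}

      - name: Push Image to ACR
        # Runs regardless of scan results while both scanners use exit-code '0'.
        run: |
          docker push "$IMAGE"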