From cd520fab728c8edb754e35b6e35e13d43821a118 Mon Sep 17 00:00:00 2001
From: Xiaonan Shen <s@sxn.dev>
Date: Thu, 19 Nov 2020 22:42:16 -0800
Subject: [PATCH] Add image scan to deb

---
 .github/workflows/deb.yaml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deb.yaml b/.github/workflows/deb.yaml
index 7a3607f..593ad3a 100644
--- a/.github/workflows/deb.yaml
+++ b/.github/workflows/deb.yaml
@@ -42,7 +42,21 @@ jobs:
         with:
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
-      - uses: docker/build-push-action@v2
+      - name: Build image without push
+        uses: docker/build-push-action@v2
+        with:
+          context: ./deb
+          file: ./deb/Dockerfile
+          load: true
+          tags: protonmail-bridge:latest
+      - name: Scan image
+        uses: anchore/scan-action@v2
+        with:
+          image: protonmail-bridge:latest
+          fail-build: true
+          severity-cutoff: critical
+      - name: Push image
+        uses: docker/build-push-action@v2
         with:
           context: ./deb
           file: ./deb/Dockerfile