1818 REGISTRY : docker.io
1919 # github.repository as <account>/<repo>
2020 IMAGE_NAME : ${{ github.repository }}
21-
21+ SHA : ${{ github.event.pull_request.head.sha || github.event.after }}
22+ COMPARE_TAG : latest
2223
2324jobs :
2425 ci :
6566 uses : docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
6667 with :
6768 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
69+ labels : |
70+ org.opencontainers.image.revision=${{ env.SHA }}
71+ tags : |
72+ type=edge,branch=$repo.default_branch
73+ type=semver,pattern=v{{version}}
74+ type=sha,prefix=,suffix=,format=short
6875
6976 # Build and push Docker image with Buildx (don't push on PR)
7077 # https://github.com/docker/build-push-action
95102
96103 - name : Build for scout
97104 id : build-for-scout
105+ if : ${{ github.event_name == 'pull_request' }}
98106 uses : docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
99107 with :
100108 context : ./nestjs-project
@@ -108,14 +116,22 @@ jobs:
108116 secrets : |
109117 github_token=${{ secrets.GITHUB_TOKEN }}
110118
119+ # - name: Check if ":latest" tag exists
120+ # if: github.event_name == 'pull_request'
121+ # id: check-latest-exists
122+ # continue-on-error: true
123+ # run: |
124+ # docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
125+
111126 - name : Docker Scout
112127 id : docker-scout
113128 if : ${{ github.event_name == 'pull_request' }}
114129 uses : docker/scout-action@v1
115130 with :
116131 command : compare
117132 image : ${{ steps.meta.outputs.tags }}
118- to-latest : true
133+ to : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
134+ write-comment : true
119135 organization : argentinaluiz
120136 ignore-unchanged : true
121137 only-severities : critical,high
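Review bot: The new `to:` baseline on the Docker Scout step resolves to the mutable `latest` tag through `COMPARE_TAG`, while the step that would verify that tag exists is left commented out just above it, so the compare presumably fails on every pull request until a `latest` image has been published. Either re-enable that check and gate the compare on it, e.g. `if: ${{ github.event_name == 'pull_request' && steps.check-latest-exists.outcome == 'success' }}`, or delete the commented block and leave a comment such as `# baseline: last released image; requires :latest to exist in the registry`. `write-comment: true` needs the job token to carry `pull-requests: write`; no `permissions:` block is visible in these hunks, so confirm it is granted explicitly and that nothing broader is. Because this step now writes to the PR, `docker/scout-action@v1` should be pinned to a full commit SHA like the other `uses:` lines, i.e. `uses: docker/scout-action@<full-commit-sha> # v1`.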