WIP

.github/workflows/docker-hub.yml

@@ -1,4 +1,5 @@
 name: Docker Hub Workflow
+run-name: Docker Hub Workflow
 
 on:
   workflow_dispatch:
@@ -48,6 +49,20 @@ jobs:
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
         run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
+      -
+        name: Build an image from Dockerfile
+        run: |
+           docker build --target backend-production -t docker.io/lasuite/meet-backend:${{ github.sha }} .
+      -
+        name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'docker.io/lasuite/meet-backend:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
       -
         name: Build and push
         uses: docker/build-push-action@v5
@@ -92,6 +107,20 @@ jobs:
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
         run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
+      -
+        name: Build an image from Dockerfile
+        run: |
+           docker build -f src/frontend/Dockerfile -t docker.io/lasuite/meet-frontend:${{ github.sha }} .
+      -
+        name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'docker.io/lasuite/meet-frontend:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
       -
         name: Build and push
         uses: docker/build-push-action@v5