ci(gha): add steps to perform container image scan

Author: abhisheksr01

.github/workflows/pipeline.yml

@@ -219,26 +219,32 @@ jobs:
 #        if: ${{ steps.bump-version.outputs.is-dryrun-version-bumped == 'true' }}
         uses: docker/build-push-action@v6
         with:
-          push: false
+          load: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          sbom: true
-          provenance: true
       - name: Convert Image to Tar
-        run: docker save -o companieshouse.tar ${{ steps.meta.outputs.tags }}
+        run: |
+          docker images
+          tags="${{ steps.meta.outputs.tags }}"
+          tags="${tags//,/ }"        # replace commas with spaces
+          echo "Saving images: $tags"
       - name: Scan Image
         uses: aquasecurity/[email protected]
         with:
-          image-ref: companieshouse.tar
+          image-ref: ${{ steps.meta.outputs.tags }}
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           scanners: 'vuln,secret,misconfig,license'
-      - name: Push Image
-#        if: ${{ github.event_name != 'pull_request' && steps.bump-version.outputs.is-dryrun-version-bumped == 'true' }} # Only push on main branch & when version is bumped with dryrun. We will create tags and creates separately after proper testing
-        run: |
-          docker push ${{ steps.meta.outputs.tags }}
+      - name: Re-Build & Push Image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          sbom: true
+          provenance: true
 
 #  create-release:
 #    if: ${{ needs.docker-build-push.outputs.is-dryrun-version-bumped  == 'true' }} # Only release when new version is available