add scout job

Sam Morris · Sam Morris · commit 293d9fed83cd · 2025-04-07T13:24:54.000-04:00
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -12,6 +12,8 @@ on:
 
 env:
   IMAGE_NAME: samanthamorris684/catbot
+  # Change this from latest
+  COMPARE_TAG: latest
   USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
   PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
 
@@ -33,6 +35,18 @@ jobs:
           docker build -t $IMAGE_NAME:${{ inputs.IMAGE_TAG }} .
           docker push $IMAGE_NAME:${{ inputs.IMAGE_TAG }}
 
+      - name: Docker Scout
+        id: docker-scout
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          image: $IMAGE_NAME:${{ inputs.IMAGE_TAG }}
+          to: ${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
+          ignore-unchanged: true
+          only-severities: critical,high
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
         
         
     
