Merge pull request #19805 from almaceleste/main

dvdksn · web-flow · commit 77db7f5eadd5 · 2024-04-15T06:32:22.000+02:00
fix GitHub Actions YAML file block
diff --git a/content/scout/integrations/ci/gha.md b/content/scout/integrations/ci/gha.md
@@ -54,51 +54,51 @@ jobs:
     permissions:
       pull-requests: write
 
-steps:
-  - name: Checkout repository
-    uses: actions/checkout@v4
-    with:
-      ref: ${{ env.SHA }}
-
-  - name: Setup Docker buildx
-    uses: docker/setup-buildx-action@v3
-
-  # Authenticate to the container registry
-  - name: Authenticate to registry ${{ env.REGISTRY }}
-    uses: docker/login-action@v3
-    with:
-      registry: ${{ env.REGISTRY }}
-      username: ${{ secrets.REGISTRY_USER }}
-      password: ${{ secrets.REGISTRY_TOKEN }}
-
-  # Extract metadata (tags, labels) for Docker
-  - name: Extract Docker metadata
-    id: meta
-    uses: docker/metadata-action@v5
-    with:
-      images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      labels: |
-        org.opencontainers.image.revision=${{ env.SHA }}
-      tags: |
-        type=edge,branch=$repo.default_branch
-        type=semver,pattern=v{{version}}
-        type=sha,prefix=,suffix=,format=short
-
-  # Build and push Docker image with Buildx
-  # (don't push on PR, load instead)
-  - name: Build and push Docker image
-    id: build-and-push
-    uses: docker/build-push-action@v5
-    with:
-      context: .
-      sbom: ${{ github.event_name != 'pull_request' }}
-      provenance: ${{ github.event_name != 'pull_request' }}
-      push: ${{ github.event_name != 'pull_request' }}
-      load: ${{ github.event_name == 'pull_request' }}
-      tags: ${{ steps.meta.outputs.tags }}
-      labels: ${{ steps.meta.outputs.labels }}
-      cache-from: type=gha
-      cache-to: type=gha,mode=max
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.SHA }}
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Authenticate to the container registry
+      - name: Authenticate to registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            org.opencontainers.image.revision=${{ env.SHA }}
+          tags: |
+            type=edge,branch=$repo.default_branch
+            type=semver,pattern=v{{version}}
+            type=sha,prefix=,suffix=,format=short
+
+      # Build and push Docker image with Buildx
+      # (don't push on PR, load instead)
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          sbom: ${{ github.event_name != 'pull_request' }}
+          provenance: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name != 'pull_request' }}
+          load: ${{ github.event_name == 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
 ```
 
 This creates workflow steps to:
@@ -124,26 +124,26 @@ With this setup out of the way, you can add the following steps to run the
 image comparison:
 
 ```yaml
-# You can skip this step if Docker Hub is your registry
-# and you already authenticated before
-- name: Authenticate to Docker
-  uses: docker/login-action@v3
-  with:
-    username: ${{ secrets.DOCKER_USER }}
-    password: ${{ secrets.DOCKER_PAT }}
-
-# Compare the image built in the pull request with the one in production
-- name: Docker Scout
-  id: docker-scout
-  if: ${{ github.event_name == 'pull_request' }}
-  uses: docker/scout-action@v1
-  with:
-    command: compare
-    image: ${{ steps.meta.outputs.tags }}
-    to-env: production
-    ignore-unchanged: true
-    only-severities: critical,high
-    github-token: ${{ secrets.GITHUB_TOKEN }}
+      # You can skip this step if Docker Hub is your registry
+      # and you already authenticated before
+      - name: Authenticate to Docker
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PAT }}
+
+      # Compare the image built in the pull request with the one in production
+      - name: Docker Scout
+        id: docker-scout
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          image: ${{ steps.meta.outputs.tags }}
+          to-env: production
+          ignore-unchanged: true
+          only-severities: critical,high
+          github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 The compare command analyzes the image and evaluates policy compliance, and
