feat: Added test-step to build+scan docker image

Author: alecron

.github/workflows/test.yaml

@@ -6,15 +6,15 @@ on:
     paths:
       - pyproject.toml
       - Dockerfile
-      - '*.py'
+      - "*.py"
       - tests/**
       - tools/**
       - utils/**
   workflow_call:
   workflow_dispatch:
 
 concurrency:
-  group: 'tests-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  group: "tests-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
   cancel-in-progress: true
 
 jobs:
@@ -57,7 +57,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: ${{ github.sha }} # required for better experience using pre-releases
-          fetch-depth: '0' # Required due to the way Git works, without it this action won't be able to find any or the correct tags
+          fetch-depth: "0" # Required due to the way Git works, without it this action won't be able to find any or the correct tags
 
       - name: Extract current version
         id: pyproject_version
@@ -78,7 +78,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BUMP: "patch"
-          TAG_CONTEXT: 'repo'
+          TAG_CONTEXT: "repo"
           WITH_V: true
           DRY_RUN: true
 
@@ -99,3 +99,41 @@ jobs:
             New Tag version: **${{ steps.semantic_release.outputs.tag }}**
             The version is up-to-date." >> $GITHUB_STEP_SUMMARY
           fi
+
+  test_build:
+    name: Test Build
+    runs-on: ubuntu-latest
+    needs: test
+    permissions:
+      contents: read # required for actions/checkout
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.sha }} # required for better experience using pre-releases
+          fetch-depth: "0" # Required due to the way Git works, without it this action won't be able to find any or the correct tags
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Docker image
+        id: build-to-test
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          load: true
+          push: false
+          tags: |
+            ghcr.io/sysdiglabs/sysdig-mcp-server:test
+
+      - name: Scan Docker image
+        uses: sysdiglabs/scan-action@v6
+        with:
+          image-tag: ghcr.io/sysdiglabs/sysdig-mcp-server:test
+          sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
+          stop-on-failed-policy-eval: true
+          stop-on-processing-error: true