feat: test container working: scan with cloud (#424)

* feat: test container working: scan with cloud * removed testing policy.yml file * feat: container test using auth verify * fix: ci fail due to missing container tag * fix: buildx not storing images locally * feat: envs into image * let see :) * using secrets directly into docker command * why do i need to mount? * fix: test run only on on pr to main repo
2025-12-10 00:22:08 -06:00 · 2025-03-26 12:43:59 +05:30 · 2025-03-26 12:43:59 +05:30 · 635baeb86e
commit 635baeb86e
parent 6eec7e1740
1 changed files with 15 additions and 3 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -3,6 +3,9 @@ on:
  pull_request:
    branches:
      - main
+  push:
+    branches:
+      - main

 permissions:
  contents: read
@ -68,7 +71,7 @@ jobs:
          VET_API_KEY: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
          VET_CONTROL_TOWER_TENANT_ID: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}

-  build-container:
+  build-container-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
@ -83,6 +86,15 @@ jobs:

    - name: Build Container Image
      run: |
-        docker buildx build --platform linux/amd64 --platform linux/arm64 \
-        -t build-container-test .
+        docker buildx build --platform linux/amd64 --load \
+        -t build-container-test:latest .
+
+    - name: Test Container Image
+      if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+      run: |
+        docker run --rm \
+          -e VET_API_KEY=${{ secrets.SAFEDEP_CLOUD_API_KEY }} \
+          -e VET_CONTROL_TOWER_TENANT_ID=${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }} \
+          build-container-test:latest \
+          auth verify