ci: create image and scan with trivy (#527)

Author: d-koppenhagen

.github/workflows/docker.yml

@@ -0,0 +1,41 @@
+name: Build and Scan Docker image
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Build an image from Dockerfile
+        run: docker build -t trivy-explorer .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: "trivy-explorer"
+          output: trivy-report.json
+          format: json
+          exit-code: "0"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL"
+      - name: Upload Vulnerability Scan Results
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-report
+          path: trivy-report.json
+          retention-days: 30
+      - name: Output artifact URL
+        run: echo 'Artifact URL is ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }}'
+      - name: Get the JSON Report Download URL
+        id: get_report_url
+        run: |
+          repo_url="https://raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/trivy-report.json"
+          echo "::set-output name=report_url::${repo_url}"
+      - name: Display Vulnerability Report URL
+        run: |
+          echo "You can view the vulnerability report here:"
+          echo "https://dbsystel.github.io/trivy-vulnerability-explorer/#/?url=${{ steps.get_report_url.outputs.report_url }}"