name: Test LTS Container Images

on: [push, pull_request]

jobs:
  test_images:
    name: Test LTS Container Images with Trivy
    runs-on: ubuntu-latest
    strategy:
      matrix:
        context:
          - apache
          - fpm-alpine
          - fpm
    steps:
      - name: 'Check out the repo'
        uses: actions/checkout@v2

      - name: 'Set up Docker Buildx'
        uses: docker/setup-buildx-action@v1

      - name: 'Build Container images'
        uses: docker/build-push-action@v2
        with:
          context: 3.0/${{ matrix.context }}
          push: false
          load: true
          tags: docker.io/martialblog/limesurvey:3-${{ matrix.context }}

      - name: 'Run Structure tests'
        uses: plexsystems/container-structure-test-action@v0.2.0
        with:
          image: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
          config: tests/${{ matrix.context }}-tests.yaml

      - name: 'Run vulnerability scanner'
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: trivy-results-3-${{ matrix.context }}.sarif
          severity: 'CRITICAL,HIGH'

      - name: 'Upload Trivy scan results to GitHub'
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: trivy-results-3-${{ matrix.context }}.sarif
          category: "${{ matrix.context }}"