name: "Container Scan"
on:
  push:
    branches: [ "master" ]
  pull_request:
  schedule:
    - cron: '24 19 * * 3'
jobs:
  trivy:
    name: Trivy
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Check out code
      uses: actions/checkout@v2
    - uses: actions/setup-node@master
      with:
        node-version: 16.x
    - run: npm install
      working-directory: ./web
    - name: Build web
      run: npm run build
      working-directory: ./web
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Build
      run: make
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: 'frigate:latest'
        format: 'sarif'
        output: 'trivy-results.sarif'
    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'