name: Dockle

on:
  push:
    branches:
      - master
      - develop
  pull_request:

jobs:
  dockle:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Build an image from Dockerfile
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          provenance: false
          cache-from: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache
          tags: |
            misskey:scan
      - name: Run dockle
        uses: goodwithtech/dockle-action@main
        with:
          image: 'misskey:scan'
          format: 'list'
          exit-code: '1'
          exit-level: 'warn'
          ignore: 'CIS-DI-0005,CIS-DI-0010'