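# Daily Trivy scan of the published ftps image. The job fails when the
# JSON report lists any vulnerability so the failure is visible in Actions.
name: Vulnerability Scan

on:
  schedule:
    - cron: "0 14 * * *"
  workflow_dispatch:

# Least privilege: the job only needs to read the repository; nothing is
# written back, so the default token scope is narrowed to contents: read.
permissions:
  contents: read

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Pull docker image
        run: docker pull docker.asperti.com/paspo/ftps:latest
        # run: docker pull git.asperti.com/paspo/docker-ftps:latest

      - name: Run Trivy vulnerability scanner
        id: scan
        # TODO: pin this action to a full-length commit SHA rather than the
        # mutable `master` branch, so an upstream change cannot silently alter
        # what runs here (e.g. aquasecurity/trivy-action@<commit-sha>).
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.asperti.com/paspo/ftps:latest"
          # image-ref: "git.asperti.com/paspo/docker-ftps:latest"
          format: "json"
          output: "trivy-results.json"

      # if some vulnerability is found, we fail
      - name: check output
        run: |
          set -euo pipefail
          # Count findings across every Results entry (Trivy emits one per
          # target: OS packages, language packages, ...) instead of only
          # .Results[0]; a missing Vulnerabilities key counts as zero rather
          # than producing an empty value that breaks the numeric test.
          count=$(jq '[.Results[]? | .Vulnerabilities // [] | length] | add // 0' trivy-results.json)
          if [ "$count" -ne 0 ]; then
            echo "Trivy reported $count vulnerabilities"
            exit 1
          fi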