chore: add job scan-vuln #3

	name: pipeline

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]

	jobs:
	build-and-push:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Login to Docker Hub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v4
	with:
	platforms: linux/amd64,linux/arm64
	push: true
	tags: \|
	"${{ vars.REGISTRY }}/${{ vars.IMAGE }}:${{ github.sha}}"
	"${{ vars.REGISTRY }}/${{ vars.IMAGE }}:latest"

	scan-vuln-with-trivy:
	runs-on: ubuntu-latest
	needs: ["build-and-push"]
	steps:
	- name: Scan vulnerabilities with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{ vars.REGISTRY }}/${{ vars.IMAGE }}:${{ github.sha }}'
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	ignore-unfixed: true
	template: '@/contrib/html.tpl'
	exit-code: '1'
	format: 'template'
	output: report.html
	env:
	TRIVY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}

	- name: Upload Trivy Report
	uses: actions/upload-artifact@v2
	with:
	name: trivy-report
	path: report.html

Provide feedback