From d110606e22fd386b985f81ee60e088cd012a9edd Mon Sep 17 00:00:00 2001 From: Enrico Stahn Date: Tue, 10 Mar 2020 23:55:13 +1100 Subject: [PATCH] chore: enable image scan through anchore (#74) * chore: enable image scan through anchore * chore: build entire image before doing image scan * chore: fix goreleaser config * chore: enable anchore to fail * chore: remove pull_request event from ci --- .github/workflows/go.yml | 43 +++++++++++++++++++++++++++++++++++----- .goreleaser.yml | 4 ++-- 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c22a351..f8e1986 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -1,5 +1,5 @@ name: Go -on: [push, pull_request] +on: [push] jobs: lint: @@ -39,6 +39,39 @@ jobs: - name: Test run: go test ./... + image-scan: + name: Image Scan + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Unshallow + run: git fetch --prune --unshallow + + - name: Set up Go + uses: actions/setup-go@v1 + with: + go-version: 1.14 + id: go + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v1 + with: + version: latest + args: release --rm-dist --skip-validate --skip-publish + key: ${{ secrets.YOUR_PRIVATE_KEY }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Scan image + uses: anchore/scan-action@master + with: + image-reference: "hipages/php-fpm_exporter:latest" + dockerfile-path: "./Dockerfile" + fail-build: true + include-app-packages: true + tag: name: Tag runs-on: ubuntu-latest @@ -54,7 +87,7 @@ jobs: - name: Unshallow run: git fetch --prune --unshallow - + - name: Install semantic-release run: yarn global add --no-progress --non-interactive "semantic-release" "@semantic-release/exec" 
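Review bot: Dropping `pull_request` from `on:` means lint, test and the new image scan no longer run for pull requests opened from forks, so outside contributions are first checked only after they land on a branch of this repository. If the reason is that the GoReleaser step in `image-scan` needs secrets that fork PRs do not receive (an assumption; the commit message does not say), keeping `on: [push, pull_request]` and adding `if: github.event_name == 'push'` to the `image-scan` job would preserve lint and test on PRs. Either way, a short comment above `on:` stating why PRs are excluded would help the next maintainer.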
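Review bot: The `Scan image` step uses `anchore/scan-action@master`, a mutable branch, so whatever is pushed there runs in this workflow unreviewed; pin it to a release tag or, better, a full commit SHA, e.g. `uses: anchore/scan-action@<full-commit-sha>` (placeholder). The `Run GoReleaser` step in the same job drifts the same way through `version: latest`. That step also passes `key: ${{ secrets.YOUR_PRIVATE_KEY }}`, which reads like a placeholder name from documentation; since the job runs with `--skip-publish`, the signing key is probably not needed here and could be dropped so the scan job holds fewer secrets. A comment on `image-reference` noting that `hipages/php-fpm_exporter:latest` must be the tag GoReleaser just built locally would make clear that the scan covers this commit's image and not a previously published one.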
@@ -70,16 +103,16 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - + - name: Unshallow run: git fetch --prune --unshallow - + - name: Set up Go uses: actions/setup-go@v1 with: go-version: 1.14 id: go - + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v1 with: diff --git a/.goreleaser.yml b/.goreleaser.yml index 45004f5..1d22e2a 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -20,5 +20,5 @@ dockers: - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=VCS_REF={{.FullCommit}}" -archive: - format: binary +archives: + - format: binary