Add Docker Scout login fallback and temporary caching.

This update introduces a fallback mechanism for Docker Scout login when DockerHub credentials are unavailable, ensuring the workflow does not fail. It also replaces direct Docker config usage with temporary caching to improve flexibility and reduce dependency on runner environment setups.
2026-02-14 19:03:30 +01:00
parent dd3f18bb06
commit 5a7f32541f
1 changed files with 19 additions and 10 deletions
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -24,6 +24,21 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

+      - name: Docker Scout login bootstrap
+        continue-on-error: true
+        run: |
+          if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
+            echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
+            exit 0
+          fi
+          mkdir -p "$RUNNER_TEMP/scout-docker-config"
+          printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
+            -e DOCKER_CONFIG=/home/scout/.docker \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
+            docker/scout-cli:latest login \
+              --username "${{ secrets.DOCKERHUB_USERNAME }}" \
+              --password-stdin || true
+
      - name: Build backend image (local)
        uses: docker/build-push-action@v6
        with:
@@ -100,15 +115,12 @@ jobs:
            exit 0
          fi
          if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
-            exit 0
+            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
          fi
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$HOME/.docker:/home/scout/.docker:ro" \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
            -e DOCKER_CONFIG=/home/scout/.docker \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
            docker/scout-cli:latest cves nexapg-backend:dev-scan \
            --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
              echo "" >> scout-backend.txt
@@ -123,15 +135,12 @@ jobs:
            exit 0
          fi
          if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
-            exit 0
+            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
          fi
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$HOME/.docker:/home/scout/.docker:ro" \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
            -e DOCKER_CONFIG=/home/scout/.docker \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
            docker/scout-cli:latest cves nexapg-frontend:dev-scan \
            --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
              echo "" >> scout-frontend.txt