From 5a7f32541fcef6f6d44dede79bb0171c9cbbeae9 Mon Sep 17 00:00:00 2001
From: nessi
Date: Sat, 14 Feb 2026 19:03:30 +0100
Subject: [PATCH] Add Docker Scout login fallback and temporary caching.

This update introduces a fallback mechanism for Docker Scout login when DockerHub credentials are unavailable, ensuring the workflow does not fail. It also replaces direct Docker config usage with temporary caching to improve flexibility and reduce dependency on runner environment setups.
---
 .../container-cve-scan-development.yml | 29 ++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 3c5767b..1874fb4 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -24,6 +24,21 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+ - name: Docker Scout login bootstrap
+ continue-on-error: true
+ run: |
+ if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
+ echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
+ exit 0
+ fi
+ mkdir -p "$RUNNER_TEMP/scout-docker-config"
+ printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
+ -e DOCKER_CONFIG=/home/scout/.docker \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
+ docker/scout-cli:latest login \
+ --username "${{ secrets.DOCKERHUB_USERNAME }}" \
+ --password-stdin || true
+
 - name: Build backend image (local)
 uses: docker/build-push-action@v6
 with:
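Review bot: The new `run:` block in the "Docker Scout login bootstrap" step interpolates `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_TOKEN }}` straight into the shell script (the `if [ -z … ]` test, the `printf '%s'` and the `--username` line), so the values are substituted into the script text before the shell parses it; the usual pattern is to pass them through an `env:` block and reference `"$DOCKERHUB_USERNAME"` / `"$DOCKERHUB_TOKEN"` so the shell only ever sees environment variables. The token is then piped into `docker/scout-cli:latest`, a mutable tag, at the same time that `continue-on-error: true`, the trailing `|| true` and the `exit 0` guard all suppress a failed login, which will instead surface later as an unexplained scan error; pin the tag (or a digest) and keep a single silencer. `$RUNNER_TEMP/scout-docker-config` now holds the Hub credential in `config.json` for the rest of the job — fine on hosted runners, but worth confirming `RUNNER_TEMP` is emptied between jobs if self-hosted runners are used.

```yaml
      - name: Docker Scout login bootstrap
        continue-on-error: true
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
          # … unchanged: skip message, exit 0, fi, mkdir …
          printf '%s' "$DOCKERHUB_TOKEN" | docker run --rm -i \
          # … unchanged: -e DOCKER_CONFIG and -v mount lines …
            docker/scout-cli:<PINNED_TAG_OR_DIGEST> login \
            --username "$DOCKERHUB_USERNAME" \
            --password-stdin
```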
@@ -100,15 +115,12 @@ jobs:
 exit 0
 fi
 if [ ! -f "$HOME/.docker/config.json" ]; then
- echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
- exit 0
+ echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
 -e DOCKER_CONFIG=/home/scout/.docker \
- -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-backend:dev-scan \
 --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
 echo "" >> scout-backend.txt
@@ -123,15 +135,12 @@ jobs:
 exit 0
 fi
 if [ ! -f "$HOME/.docker/config.json" ]; then
- echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
- exit 0
+ echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
 -e DOCKER_CONFIG=/home/scout/.docker \
- -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-frontend:dev-scan \
 --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
 echo "" >> scout-frontend.txt
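Review bot: In this hunk and the identical frontend hunk that follows, the `$HOME/.docker/config.json` check no longer guards the path that is actually used — the scan now mounts `$RUNNER_TEMP/scout-docker-config` — and the notice it writes with `> scout-backend.txt` is overwritten a few lines later by the scan's own `> scout-backend.txt 2>&1`, so it never reaches the artifact. Point the check at the mounted directory, `if [ ! -f "$RUNNER_TEMP/scout-docker-config/config.json" ]; then`, and either keep the skip or append the scan output with `>>` so the notice survives; if the bootstrap step never ran, the `-v` bind of a missing host path is, as far as I recall, created by Docker as an empty directory, which is another reason to test before mounting. The `:ro` on the credential mount was also dropped; `-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker:ro"` keeps the Hub credential store read-only inside a container that already holds the Docker socket. Each step's `run:` script begins and ends outside the hunk.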