Add Docker Scout login fallback and temporary caching.

This update introduces a fallback mechanism for Docker Scout login when DockerHub credentials are unavailable, ensuring the workflow does not fail. It also replaces direct Docker config usage with temporary caching to improve flexibility and reduce dependency on runner environment setups.

.github/workflows/container-cve-scan-development.yml

@@ -24,6 +24,21 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Docker Scout login bootstrap
+        continue-on-error: true
+        run: |
+          if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
+            echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
+            exit 0
+          fi
+          mkdir -p "$RUNNER_TEMP/scout-docker-config"
+          printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
+            -e DOCKER_CONFIG=/home/scout/.docker \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
+            docker/scout-cli:latest login \
+              --username "${{ secrets.DOCKERHUB_USERNAME }}" \
+              --password-stdin || true
+
       - name: Build backend image (local)
         uses: docker/build-push-action@v6
         with:
@@ -100,15 +115,12 @@ jobs:
             exit 0
           fi
           if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
+            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
-            exit 0
           fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$HOME/.docker:/home/scout/.docker:ro" \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
             -e DOCKER_CONFIG=/home/scout/.docker \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
             docker/scout-cli:latest cves nexapg-backend:dev-scan \
             --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
               echo "" >> scout-backend.txt
@@ -123,15 +135,12 @@ jobs:
             exit 0
           fi
           if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
+            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
-            exit 0
           fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$HOME/.docker:/home/scout/.docker:ro" \
+            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
             -e DOCKER_CONFIG=/home/scout/.docker \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
             docker/scout-cli:latest cves nexapg-frontend:dev-scan \
             --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
               echo "" >> scout-frontend.txt