From 15c12a81f1e1943f8f324486f553d7bc58686482 Mon Sep 17 00:00:00 2001
From: Daan Selen <dselen@nerthus.nl>
Date: Wed, 4 Jun 2025 10:12:18 +0200
Subject: [PATCH] Separate stages

---
 .github/workflows/docker-build.yml | 42 ++++++++++++++++--------------
 .github/workflows/docker-scan.yml  | 37 --------------------------
 2 files changed, 23 insertions(+), 56 deletions(-)
 delete mode 100644 .github/workflows/docker-scan.yml

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index c79e59a..f550b09 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -64,23 +64,27 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64,linux/arm/v7
 
-      - name: Docker Scout CVEs
-        uses: docker/scout-action@v1
-        with:
-          command: cves
-          image: ${{ steps.meta.outputs.tags }}
-          only-severities: critical,high
-          only-fixed: true
-          write-comment: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          exit-code: true
+  docker_scan:
+      runs-on: ubuntu-latest
+      needs: docker_build
+      steps:
+        - name: Docker Scout CVEs
+          uses: docker/scout-action@v1
+          with:
+            command: cves
+            image: ${{ needs.docker_build.outputs.image-tags }}
+            only-severities: critical,high
+            only-fixed: true
+            write-comment: true
+            github-token: ${{ secrets.GITHUB_TOKEN }}
+            exit-code: true
 
-      - name: Docker Scout Compare
-        uses: docker/scout-action@v1
-        with:
-          command: compare
-          image: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
-          to: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest
-          only-severities: critical,high
-          ignore-unchanged: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+        - name: Docker Scout Compare
+          uses: docker/scout-action@v1
+          with:
+            command: compare
+            image: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
+            to: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest
+            only-severities: critical,high
+            ignore-unchanged: true
+            github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
deleted file mode 100644
index 33a5ae3..0000000
--- a/.github/workflows/docker-scan.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: Docker Scan
-
-on:
-  workflow_dispatch:
-    inputs:
-      trigger-scan:
-        description: 'Trigger a manual scan'
-        required: true
-        default: 'true'
-
-env:
-  DOCKER_IMAGE: donaldzou/wgdashboard
-
-jobs:
-  docker_scan:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-      - name: Docker Scout CVEs
-        uses: docker/scout-action@v1
-        with:
-          command: cves
-          image: ${{ env.DOCKER_IMAGE }}:nightly
-          only-severities: critical,high
-          only-fixed: true
-          write-comment: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          exit-code: true