name: Lint

on:
  push:
    branches:
      - develop
    paths:
      - 'Dockerfile'
  pull_request:
    branches:
      - develop
    paths:
      - 'Dockerfile'

jobs:
  trivy:
    name: Dockerfile
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy
    steps:
      - name: Check out pull request code
        uses: actions/checkout@v4
        if: github.event_name == 'pull_request'
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}

      - name: Check out repository code
        uses: actions/checkout@v4
        if: github.event_name == 'push'

      - name: Check critical issues
        run: trivy config --exit-code 1 --severity "HIGH,CRITICAL" ./Dockerfile

      - name: Check non-critical issues
        run: trivy config --severity "LOW,MEDIUM" ./Dockerfile