security-test.yml

name: PR check

on: pull_request

env:
  IMAGE_NAME: frinx/uniflow-schellar

jobs:
  graphql-generator-check:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: schellar
    steps:
    - uses: actions/checkout@v3

    - name: Set up Go
      uses: actions/setup-go@v3
      with:
        go-version: 1.21

    - name: Build
      run: |
        go get github.com/99designs/gqlgen
        go run github.com/99designs/gqlgen generate

    - name: Verify Changed files
      uses: tj-actions/verify-changed-files@v17
      id: verify-changed-files
      with:
        files: |
             schellar/graph/*

    - name: Run step only when any of the above files change
      if: steps.verify-changed-files.outputs.files_changed == 'true'
      run: |
        echo """Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}
        echo """Please execute: 
          go get github.com/99designs/gqlgen
          go run github.com/99designs/gqlgen generate
          git diff
        """
        exit 1

  security-test:
    needs: graphql-generator-check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Build image
        run: docker build . --file Dockerfile --tag $IMAGE_NAME

      - uses: Azure/container-scan@v0
        with:
          image-name: ${{ env.IMAGE_NAME }}:latest
          # severity-threshold: CRITICAL