Add vulture #1540

	name: Docker

	on: [push]

	jobs:
	docker:
	name: Build Docker Image
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3
	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v3
	with:
	images: \|
	europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator
	stakewiselabs/v3-operator
	flavor: \|
	latest=auto
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=sha
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Login to GAR
	uses: docker/login-action@v3
	with:
	registry: europe-west4-docker.pkg.dev
	username: _json_key
	password: ${{ secrets.GAR_JSON_KEY }}
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	context: .
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: linux/amd64,linux/arm64
	cache-from: type=gha
	cache-to: type=gha,mode=max
	scanner:
	name: Trivy scanner
	runs-on: ubuntu-latest
	needs: docker
	steps:
	- id: commit-hash
	uses: pr-mpt/actions-commit-hash@v2

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator:sha-${{ steps.commit-hash.outputs.short }}"
	format: "table"
	exit-code: "1"
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH"
	ignore-unfixed: true

Provide feedback