Sonarcloud ghauri #61

	name: mvt-project/mvt

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	permissions:
	contents: read
	packages: write
	security-events: write

	jobs:
	build-and-push:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]

	steps:
	- uses: actions/checkout@v3
	- uses: snyk/actions/setup@master

	- name: Log in to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Cache Docker layers
	uses: actions/cache@v3
	with:
	path: ${{ github.workspace }}/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Build and push Docker image
	run: \|
	docker buildx build --push \
	--tag ghcr.io/${{ github.repository_owner }}/mvt:latest \
	--platform linux/amd64,linux/arm64 ./files/mvt-project

	- name: Logout from Docker Hub
	run: docker logout

	- name: Check ghcr.io/${{ github.repository_owner }}/mvt:latest image
	uses: snyk/actions/docker@master
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ghcr.io/${{ github.repository_owner }}/mvt:latest
	args: --file=./files/mvt-project/Dockerfile
	json: true
	- uses: garethr/snyk-to-sarif@master
	- uses: actions/upload-artifact@v4
	with:
	name: SARIF
	path: snyk.sarif

	- name: Upload SARIF Report to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif

Provide feedback