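name: SecuritiesChecks

# Runs on pull requests that target main or autod-feature/v2.
on:
  pull_request:
    branches:
    - main
    - autod-feature/v2

# Least privilege for GITHUB_TOKEN: the jobs below only check out and read the
# repository, so read access to contents is requested and nothing else.
# NOTE(review): confirm get-diff-action needs no further scope in this repo.
permissions:
  contents: read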

jobs:
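  # Builds the project's Docker image and fails the pull request when Trivy
  # reports a fixable CRITICAL or HIGH vulnerability in the image's OS packages.
  CheckDockerForVulnerabilities:
    runs-on: ubuntu-latest
    # Only pull requests whose base branch is main run this job; PRs against
    # autod-feature/v2 trigger the workflow but skip the image scan.
    if: github.event.pull_request.base.ref == 'main'
    steps:
    # NOTE(review): every `uses:` in this job references a mutable tag. Pinning
    # to a full commit SHA (<COMMIT_SHA_PLACEHOLDER>) keeps a re-pointed tag
    # from running in a job that holds NPM_TOKEN.
    - uses: actions/checkout@v3
      with:
        # No later step needs git credentials, and `docker build .` sends the
        # checkout (including .git/config) as build context unless a
        # .dockerignore excludes it, so do not leave the token on disk.
        persist-credentials: false
    - name: Build the Docker image
      # The secret reaches the step through the environment instead of being
      # expanded into the script text. `--build-arg NPM_TOKEN` without a value
      # makes docker take it from the environment, which also keeps it off the
      # command line.
      # NOTE(review): a build arg consumed by a RUN instruction is still
      # recorded in the image history; a BuildKit secret mount avoids that but
      # requires a Dockerfile change that is not visible from this workflow.
      # NOTE(review): secrets are not provided to pull_request runs from forks,
      # so NPM_TOKEN is empty for those builds.
      env:
        NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      run: docker build . --tag security-checks-image:security-check --build-arg NPM_TOKEN
    - name: Check For Docker Vulnerabilities
      # NOTE(review): this job uses trivy-action 0.2.2 while the code scan job
      # in this file uses 0.6.2; align the two after confirming the inputs
      # below behave the same on the newer release.
      uses: aquasecurity/trivy-action@0.2.2
      with:
        image-ref: security-checks-image:security-check
        # A non-zero exit code fails the job when a finding matches.
        exit-code: '1'
        severity: 'CRITICAL,HIGH'
        # Only OS packages are checked here; language-level dependencies
        # installed in the image are outside this scan.
        vuln-type: os
        # Findings with no fixed version available do not fail the job, so an
        # unpatched CRITICAL issue can pass this gate.
        ignore-unfixed: true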
  # Runs a Trivy filesystem scan on the checkout and fails the pull request on
  # fixable CRITICAL or HIGH findings, but only when the PR touches files
  # matched by the diff filter below.
  CheckCodeForVulnerabilities:
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): all three actions are referenced by mutable tag; pin each
    # to a full commit SHA (<COMMIT_SHA_PLACEHOLDER>) so a moved tag cannot
    # change what this gate executes.
    - uses: actions/checkout@v3
    - uses: technote-space/get-diff-action@v6
      id: files
      with:
        # README.md is filtered out of the matched files.
        FILES: |
          !README.md
        # Match everything except the .github/ and .vscode/ trees.
        PATTERNS: |
          *
          */**
          !.github/**
          !.vscode/**
    - name: Check Code For Vulnerabilities
      uses: aquasecurity/trivy-action@0.6.2
      # GIT_DIFF is expected to be exported by the diff step above (confirm
      # against the action's docs). When it is empty the scan is skipped and
      # the job still succeeds, so a PR that only touches .github/, .vscode/
      # or README.md passes this check without being scanned.
      if: env.GIT_DIFF
      with:
        scan-type: fs
        severity: "CRITICAL,HIGH"
        # A non-zero exit code fails the job when a finding matches.
        exit-code: "1"
        # Findings with no fixed version available do not fail the job.
        ignore-unfixed: true
