Optimize Trivy vulnerability scanning with caching and OCI archive #9

	name: CI

	on:
	pull_request:
	branches: [main]

	permissions:
	contents: read
	pull-requests: read

	jobs:
	commitlint:
	name: Lint commit messages
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- uses: wagoid/commitlint-github-action@v6

	hadolint:
	name: Lint Containerfile
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: hadolint/hadolint-action@v3.1.0
	with:
	dockerfile: Containerfile

	build:
	name: Test build
	runs-on: ubuntu-latest
	needs: [hadolint]
	steps:
	- uses: actions/checkout@v4

	- name: Install yq
	run: \|
	sudo curl -sSL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.45.4/yq_linux_amd64"
	sudo chmod +x /usr/local/bin/yq

	- name: Build image
	run: \|
	BUILD_ARGS=""
	for arg in $(yq e '.build.args[]' manifest.yaml); do
	BUILD_ARGS="${BUILD_ARGS} --build-arg ${arg}"
	done
	# shellcheck disable=SC2086
	docker build -f Containerfile ${BUILD_ARGS} -t test-build .

Provide feedback