Tilføjet handling til workflows fil #5

	name: Build, Scan and Push Image

	on:
	push:
	branches: [ "main" ]

	env:
	IMAGE_NAME: ghcr.io/${{ github.repository }}/min-nginx-app
	TRIVY_VERSION: 0.52.0

	jobs:
	build-scan-push:
	name: Build, Scan and Push
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	security-events: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Log in to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Generate lower-case image name
	id: image_name
	run: \|
	echo "lowercase_name=$(echo ghcr.io/${{ github.repository }}/min-nginx-app \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT


	- name: Build Docker image
	run: \|
	docker build -t ${{ steps.image_name.outputs.lowercase_name }}:${{ github.sha }} .

	- name: Install Trivy
	run: \|
	curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \| sh -s -- -b /usr/local/bin v${{ env.TRIVY_VERSION }}
	trivy --version

	- name: Scan image with Trivy using VEX
	run: \|
	trivy image \
	--format sarif \
	--output trivy-results.sarif \
	--severity HIGH,CRITICAL \
	--exit-code 1 \
	--vex ./openvex.json \
	${{ steps.image_name.outputs.lowercase_name }}:${{ github.sha }}

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'

	- name: Push Docker image to registry
	run: \|
	docker push ${{ steps.image_name.outputs.lowercase_name }}:${{ github.sha }}

Provide feedback