ci: add scanners and bump all actions #33

	name: ci
	on:
	push:
	branches:
	- main
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"
	pull_request:

	permissions:
	contents: read

	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repo
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
	with:
	go-version-file: go.mod
	cache: true

	- name: ci/test
	run: make unittest

	lint:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repo
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
	with:
	go-version-file: go.mod
	cache: true

	- name: ci/check-style
	run: make check-style

	- name: ci/check-modules
	run: make check-modules

	build:
	if: ${{ github.event_name == 'pull_request' \|\| github.ref_name == 'main' }}
	runs-on: ubuntu-latest
	needs: [lint, test]
	steps:
	- name: Checkout repo
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: ci/setup-buildx
	uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

	- name: ci/scan-docker-security
	uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
	with:
	image: "mattermost/node-rotator"
	output-format: table
	only-fixed: true
	fail-build: false
	severity-cutoff: critical

	- name: ci/docker-push-pr
	run: make push-image-pr

Provide feedback