add vulnerability scanning github action #2

	name: PR Vulnerability Scan
	on: pull_request

	permissions:
	pull-requests: write
	contents: write

	jobs:
	snyk:
	name: Snyk Scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@master
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/golang@master
	continue-on-error: true # To make sure that PR comment is made
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	command: test
	args: --severity-threshold=high > snyk-results.txt
	- name: Comment on PR with Snyk scan results
	uses: mshick/add-pr-comment@v2
	with:
	message-path: snyk-results.txt
	trivy:
	name: Trivy Scan
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build Loki Image
	run: \|
	IMAGE_TAG="$(./tools/image-tag)"
	make loki-image
	echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "docker.io/grafana/loki:${{ env.IMAGE_TAG }}"
	format: "json"
	output: "trivy.json"

	- name: Generate Message
	uses: sergeysova/jq-action@v2
	id: trivy-message
	with:
	cmd: jq -r '.Results[] \| .Vulnerabilities[] \| "* \(.Severity) [\(.Title)](\(.PrimaryURL)) in \(.PkgName) v\(.InstalledVersion). Fixed in v\(.FixedVersion)"' trivy.json
	multiline: true

	- name: Comment on PR with Trivy scan results
	uses: mshick/add-pr-comment@v2
	with:
	message: \|
	Trivy scan found the following vulernbilities:

	${{ steps.trivy-message.outputs.value }}

Provide feedback