
Add container image scanning workflow #8

Add container image scanning workflow


name: Run Image Scan for Amazon CloudWatch Observability Helm Chart
on:
push:
branches:
- main
pull_request:
types: [ opened, reopened, synchronize, ready_for_review ]
branches:
- main
workflow_dispatch:
jobs:
ContainerImageScan:
strategy:
matrix:
yaml_root: [ ".manager.image", ".manager.autoInstrumentationImage.java", ".manager.autoInstrumentationImage.python", ".manager.autoInstrumentationImage.dotnet", "agent.image", ".dcgmExporter.image", ".neuronMonitor.image" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Get image paths"
id: image
uses: mikefarah/yq@master
with:
command: |
echo CONTAINER_IMAGE="$(yq '${{ matrix.yaml_root }}.repositoryDomainMap.public' charts/amazon-cloudwatch-observability/values.yaml)/$(yq '${{ matrix.yaml_root }}.repository' charts/amazon-cloudwatch-observability/values.yaml):$(yq '${{ matrix.yaml_root }}.tag' charts/amazon-cloudwatch-observability/values.yaml)" >> $GITHUB_OUTPUT
- name: "Scan for vulnerabilities"
uses: crazy-max/ghaction-container-scan@v3
with:
image: ${{ steps.image.outputs.CONTAINER_IMAGE }}
severity_threshold: HIGH
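Review bot: The matrix entry `"agent.image"` on the yaml_root line lacks the leading `.` that every other entry carries, so the yq expressions built from it in the "Get image paths" step (`agent.image.repositoryDomainMap.public`, `agent.image.repository`, `agent.image.tag`) will not address the same document path as the other entries and will most likely fail or produce an empty image reference; it should read `".agent.image"`. `mikefarah/yq@master` is a mutable branch reference to a third-party action that runs with the repository checked out, so the step's behaviour can change underneath this workflow without any change to this file; pin it to a release tag or, better, a full commit SHA, and consider the same for `actions/checkout@v3` and `crazy-max/ghaction-container-scan@v3`. The workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope although it only needs to read a values file; adding `permissions:` / `  contents: read` at the top level keeps it to least privilege. The `${{ matrix.yaml_root }}` values are interpolated directly into the shell command; they are fixed in this file today, so the risk is limited, but routing them through an `env:` variable is the safer pattern should the matrix ever be fed from elsewhere.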