fix: ooops, container scanning should be past building

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 stages:
   - test
   - build-image
+  - post-test
 
 sast:
   stage: test
@@ -10,13 +11,6 @@ include:
 - template: Security/Secret-Detection.gitlab-ci.yml
 - template: Security/Container-Scanning.gitlab-ci.yml
 
-container_scanning:
-  variables:
-    CS_DISABLE_DEPENDENCY_LIST: "true"
-    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
-    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
-    CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
-
 docker-image-build:
   stage: build-image
   image: docker:20-git
@@ -34,14 +28,12 @@ docker-image-build:
     - requirements.txt
     - .gitlab-ci.yml
 
-docker-image-nightly-build:
+container_scanning:
-  stage: build-image
+  stage: post-test
-  image: docker:20-git
+  variables:
-  script:
+    CS_DISABLE_DEPENDENCY_LIST: "true"
-    - docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly .
+    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
-    - docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly
+    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
-  rules:
+    CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
-  - if: $CI_COMMIT_BRANCH == "unsafe"
+    SECURE_LOG_LEVEL: "debug"
-    exists:
-    - Dockerfile