tests: add test actions with real scans

.github/workflows/ci.yml

@@ -48,17 +48,32 @@ jobs:
     name: GitHub Actions Test
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      packages: read
+
     steps:
       - name: Checkout
-        id: checkout
         uses: actions/checkout@v4
 
-      - name: Test Local Action
-        id: test-action
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run Server
+        run: docker run -d -p 8080:8080 ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest
+
+      - name: Get JWT
+        id: get-jwt
+        run: echo "jwt=$(docker run --rm ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest jwt) >> $GITHUB_OUTPUT
+
+      - name: Test CURL Local Action
+        id: test-curl-action
         uses: ./
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          curl:
-            'curl https://api.github.com/repos/${{ github.repository
-            }}/actions/runs/${{ github.run_id }}/jobs'
+          curl: 'curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" --scans "jwt.*"'