
Commit

Refactor GitHub Actions workflow for security updates: corrected output variable reference for vulnerability checks, improved output formatting by removing quotes from boolean values, and added logging for the count of security findings detected.
jaydrogers committed Dec 11, 2024
1 parent c941759 commit 164908b
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions .github/workflows/action_publish-images-security-updates.yml
@@ -21,7 +21,7 @@ jobs:
scan-vulnerabilities:
runs-on: ubuntu-24.04
outputs:
has_vulnerabilities: ${{ steps.scan.outputs.has_vulnerabilities || inputs.force_build }}
has_vulnerabilities: ${{ steps.parse.outputs.has_vulnerabilities || inputs.force_build }}
steps:
# Single scan for both vulnerabilities and dependencies
- id: scan
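Review bot: the job output now reads `steps.parse.outputs.has_vulnerabilities`, but the only step id visible in this hunk is `scan`; confirm that a step with `id: parse` exists in the part of the job that is not shown and that it is the step running the `echo "has_vulnerabilities=..." >> "$GITHUB_OUTPUT"` lines, otherwise the output will be empty and the job will silently fall through to `inputs.force_build`. Since step outputs are always strings, also consider making the expression explicit, e.g. `${{ steps.parse.outputs.has_vulnerabilities == 'true' || inputs.force_build == true }}`, so that the result does not depend on how a non-empty `'false'` string is coerced by `||`.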
@@ -52,8 +52,10 @@ jobs:
# Count both vulnerabilities and secrets
VULN_COUNT=$(jq -r '[.Results[] | (.Vulnerabilities, .Secrets) | select(. != null) | length] | add // 0' trivy-results.json)
echo "Found ${VULN_COUNT} security findings"
if [ "${VULN_COUNT:-0}" -gt 0 ]; then
echo "has_vulnerabilities='true'" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities=true" >> "$GITHUB_OUTPUT"
echo "# Security Findings Found" >> $GITHUB_STEP_SUMMARY
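Review bot: dropping the single quotes is the right fix, because lines appended to `$GITHUB_OUTPUT` are taken verbatim, so the previous value was the literal five-character string `'true'` and any downstream `== 'true'` comparison could never match. Two smaller points in the same hunk: the `jq` filter `.Results[]` errors out if the report has no `Results` array at all (jq cannot iterate over `null`), and because `VULN_COUNT` then ends up empty, `"${VULN_COUNT:-0}"` quietly turns that failure into "0 findings"; `[.Results[]? | ...]` or an explicit check on jq's exit status would avoid masking a malformed report. Also, `>> $GITHUB_STEP_SUMMARY` is unquoted while `>> "$GITHUB_OUTPUT"` on the line above is quoted; quote both for consistency.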
@@ -75,11 +77,11 @@ jobs:
echo "::notice::Found ${VULN_COUNT} security findings that need to be addressed."
else
echo "has_vulnerabilities='false'" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities=false" >> "$GITHUB_OUTPUT"
echo "No security findings found." >> $GITHUB_STEP_SUMMARY
fi
else
echo "has_vulnerabilities='false'" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities=false" >> "$GITHUB_OUTPUT"
echo "::error::trivy-results.json not found"
exit 1
fi
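Review bot: in the outer `else` branch (missing `trivy-results.json`) the `has_vulnerabilities=false` line is followed by `exit 1`, so the step fails and the `scan-vulnerabilities` job fails with it; the output written there is never consumed by a normal `needs:` dependency and only matters for downstream jobs that run with `if: always()`, where reporting `false` for a scan that never happened could be misread as "clean". Consider either omitting the output in that branch or leaving a comment stating that the job is expected to fail here. Same quoting nit as above: `>> $GITHUB_STEP_SUMMARY` should be `>> "$GITHUB_STEP_SUMMARY"` to match `"$GITHUB_OUTPUT"`.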