Commit

Update GitHub Actions workflow to improve output formatting for vulnerability checks. Changed output values for `has_vulnerabilities` to use quotes for consistency. Enhanced conditional logic to allow builds to proceed if forced, regardless of vulnerability status.
jaydrogers committed Dec 11, 2024
1 parent 2edcacb commit c65eed6
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions .github/workflows/action_publish-images-security-updates.yml
Expand Up @@ -53,7 +53,7 @@ jobs:
VULN_COUNT=$(jq -r '[.Results[] | (.Vulnerabilities, .Secrets) | select(. != null) | length] | add // 0' trivy-results.json)
if [ "${VULN_COUNT:-0}" -gt 0 ]; then
echo "has_vulnerabilities=true" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities='true'" >> "$GITHUB_OUTPUT"
echo "# Security Findings Found" >> $GITHUB_STEP_SUMMARY
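Review bot: The single quotes in `echo "has_vulnerabilities='true'" >> "$GITHUB_OUTPUT"` sit inside the double-quoted string, so the shell writes them to the output file and the output value becomes `'true'` with the quote characters included. The job-level condition further down compares this output with the expression literal `'true'`, whose value is the four characters true, so the comparison no longer matches and the security build only runs when it is forced. Suggest keeping the unquoted form `has_vulnerabilities=true`. Separately, `$GITHUB_STEP_SUMMARY` on the following line is unquoted while `"$GITHUB_OUTPUT"` is quoted; quoting both would be consistent.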
Expand All @@ -75,12 +75,11 @@ jobs:
echo "::notice::Found ${VULN_COUNT} security findings that need to be addressed."
else
echo "has_vulnerabilities=false" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities='false'" >> "$GITHUB_OUTPUT"
echo "No security findings found." >> $GITHUB_STEP_SUMMARY
fi
else
echo "Error: trivy-results.json not found"
echo "has_vulnerabilities=false" >> "$GITHUB_OUTPUT"
echo "has_vulnerabilities='false'" >> "$GITHUB_OUTPUT"
echo "::error::trivy-results.json not found"
exit 1
fi
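Review bot: Both `'false'` writes in this hunk carry literal quote characters into the output value; the unquoted `has_vulnerabilities=false` is the form that pairs with a consumer testing `== 'true'`. In the `trivy-results.json not found` branch the output is also set to false immediately before `exit 1`, which records a scan that produced no results the same way as a clean scan. Suggest dropping that write, or using a distinct value, so a missing results file cannot be read as "no findings" by anything that consumes the output. Removing the plain `Error:` echo in favour of the `::error::` annotation is fine.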
Expand All @@ -98,7 +97,7 @@ jobs:
build-security-updates:
needs: [scan-vulnerabilities, get-latest-release]
if: needs.scan-vulnerabilities.outputs.has_vulnerabilities == 'true'
if: needs.scan-vulnerabilities.outputs.has_vulnerabilities == 'true' || inputs.force_build == true
uses: ./.github/workflows/service_docker-build-and-publish.yml
secrets: inherit
with:
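Review bot: `inputs.force_build == true` in the new `if:` compares against a boolean, and the declaration of `force_build` is not part of this diff. Please confirm the input is declared with `type: boolean`; if it arrives as the string `true`, this comparison does not match and the force path never fires. A short comment above the `if:` stating that a forced run builds and publishes regardless of the scan result would also help, since `secrets: inherit` is passed to the called workflow either way.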