From 4b8361bcc6d19a3687ef533bb4212999c0a5f6bb Mon Sep 17 00:00:00 2001
From: Chip Zoller <chipzoller@gmail.com>
Date: Wed, 21 Jun 2023 11:15:55 -0400
Subject: [PATCH] fix workflow (#7615)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix workflow

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* save

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* jq to compact output

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

---------

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 .../workflows/report-on-vulnerabilities.yaml  | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml
index ac91090285..818030048b 100644
--- a/.github/workflows/report-on-vulnerabilities.yaml
+++ b/.github/workflows/report-on-vulnerabilities.yaml
@@ -13,7 +13,7 @@ env:
 
 jobs:
   scan:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
     outputs:
@@ -32,18 +32,19 @@ jobs:
       id: parse-results
       continue-on-error: true
       run: |
-        VULNS=$(cat scan.json | jq '.Results[] | has("Vulnerabilities")')
-        if echo $VULNS | grep -q 'true'; then
-          echo "Vulnerabilities found, creating issue"
-          echo "results=$(cat scan.json)" >> $GITHUB_OUTPUT
-        else
+        VULNS=$(cat scan.json | jq '.Results[] | select(.Target=="ko-app/kyverno") | length')
+        if [[ $VULNS -eq 0 ]]
+        then
           echo "No vulnerabilities found, halting"
           echo "results=nothing" >> $GITHUB_OUTPUT
+        else
+          echo "Vulnerabilities found, creating issue"
+          echo "results=found" >> $GITHUB_OUTPUT
         fi
 
     - name: Upload vulnerability scan report
       uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-      if: contains(steps.parse-results.outputs.results, 'SchemaVersion')
+      if: steps.parse-results.outputs.results == 'found'
       with:
         name: scan.json
         path: scan.json
@@ -51,7 +52,7 @@ jobs:
 
   open-issue:
     runs-on: ubuntu-latest
-    if: contains(needs.scan.outputs.results, 'SchemaVersion')
+    if: needs.scan.outputs.results == 'found'
     needs: scan
     permissions:
       contents: read
@@ -59,15 +60,13 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Setup build env
-        uses: ./.github/actions/setup-build-env
       - name: Download scan
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: scan.json
       - name: Set scan output
         id: set-scan-output
-        run: echo "results=$(cat scan.json)" >> $GITHUB_OUTPUT
+        run: echo "results=$(cat scan.json | jq -c)" >> $GITHUB_OUTPUT
       - uses: JasonEtco/create-an-issue@e27dddc79c92bc6e4562f268fffa5ed752639abd # v2.9.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}