mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix workflow (#7615)

Browse source 
* fix workflow

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* save

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* jq to compact output

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

---------

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Chip Zoller 2023-06-21 11:15:55 -04:00 committed by GitHub
parent f2bfc13edb
commit 4b8361bcc6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
.github/workflows/report-on-vulnerabilities.yaml vendored
View file

@ -13,7 +13,7 @@ env:
jobs: jobs:
scan: scan:
runs-on: ubuntu-20.04 runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
outputs: outputs:
@ -32,18 +32,19 @@ jobs:
id: parse-results id: parse-results
continue-on-error: true continue-on-error: true
run: | run: |
VULNS=$(cat scan.json | jq '.Results[] | has("Vulnerabilities")') VULNS=$(cat scan.json | jq '.Results[] | select(.Target=="ko-app/kyverno") | length')
if echo $VULNS | grep -q 'true'; then if [[ $VULNS -eq 0 ]]
echo "Vulnerabilities found, creating issue" then
echo "results=$(cat scan.json)" >> $GITHUB_OUTPUT
else
echo "No vulnerabilities found, halting" echo "No vulnerabilities found, halting"
echo "results=nothing" >> $GITHUB_OUTPUT echo "results=nothing" >> $GITHUB_OUTPUT
else
echo "Vulnerabilities found, creating issue"
echo "results=found" >> $GITHUB_OUTPUT
fi fi
- name: Upload vulnerability scan report - name: Upload vulnerability scan report
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: contains(steps.parse-results.outputs.results, 'SchemaVersion') if: steps.parse-results.outputs.results == 'found'
with: with:
name: scan.json name: scan.json
path: scan.json path: scan.json
@ -51,7 +52,7 @@ jobs:
open-issue: open-issue:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: contains(needs.scan.outputs.results, 'SchemaVersion') if: needs.scan.outputs.results == 'found'
needs: scan needs: scan
permissions: permissions:
contents: read contents: read
@ -59,15 +60,13 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup build env
uses: ./.github/actions/setup-build-env
- name: Download scan - name: Download scan
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: scan.json name: scan.json
- name: Set scan output - name: Set scan output
id: set-scan-output id: set-scan-output
run: echo "results=$(cat scan.json)" >> $GITHUB_OUTPUT run: echo "results=$(cat scan.json | jq -c)" >> $GITHUB_OUTPUT
- uses: JasonEtco/create-an-issue@e27dddc79c92bc6e4562f268fffa5ed752639abd # v2.9.1 - uses: JasonEtco/create-an-issue@e27dddc79c92bc6e4562f268fffa5ed752639abd # v2.9.1
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}