fix: Vulnerability checks: create issue only when checked was done (#125)
valerena authored Jun 5, 2024
1 parent 9e6041b commit 71388dd
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions .github/workflows/check-binaries.yml
Expand Up @@ -34,13 +34,17 @@ jobs:
id: save-output
run: |
report_csv="$(ls -tr output.cve-bin-*.csv 2>/dev/null | tail -n1)" # last file generated
echo "Vulnerabilities stored in $report_csv"
if [ -z "$report_csv" ]; then
echo "No file with vulnerabilities. Probably a failure in previous step."
else
echo "Vulnerabilities stored in $report_csv"
fi
final_report="${report_csv}.txt"
awk -F',' '{n=split($10, path, "/"); print $2,$3,$4,$5,path[n]}' "$report_csv" | column -t > "$final_report" # make the CSV nicer
echo "report_contents<<EOF" >> "$GITHUB_OUTPUT"
cat "$final_report" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
- if: always() && steps.check-binaries.outcome == 'failure'
- if: always() && steps.save-output.outputs.report_contents
name: Build new binaries and check vulnerabilities again
id: check-new-version
run: |
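Review bot: The new `if [ -z "$report_csv" ]` branch in `save-output` only prints a message and then falls through, so `final_report` becomes `.txt` and `awk` is still called with an empty file name; whether `report_contents` ends up empty then depends on how awk handles that argument. Move the `final_report`, `awk` and `GITHUB_OUTPUT` lines into the `else` branch (or `exit 0` right after the message) so the no-report case is explicit. Because a missing CSV now skips the three steps gated on `report_contents`, consider printing the message as a `::warning::` annotation so a scanner failure is not read as a clean result.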
Expand All @@ -50,7 +54,7 @@ jobs:
latest_version=$(strings bin/aws-lambda-rie* | grep '^go1\.' | sort | uniq)
echo "latest_version=$latest_version" >> "$GITHUB_OUTPUT"
make check-binaries
- if: always() && steps.check-binaries.outcome == 'failure'
- if: always() && steps.save-output.outputs.report_contents
name: Save outputs for the check with the latest build
id: save-new-version
run: |
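Review bot: The `if:` on `save-new-version` drops `steps.check-binaries.outcome == 'failure'` entirely, so this step now depends only on `report_contents` being non-empty. Keeping both conditions, for example `always() && steps.check-binaries.outcome == 'failure' && steps.save-output.outputs.report_contents != ''`, would preserve the original trigger and make the string test explicit instead of relying on the truthiness of a multi-line output.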
Expand All @@ -60,7 +64,7 @@ jobs:
fixed="Yes"
fi
echo "fixed=$fixed" >> "$GITHUB_OUTPUT"
- if: always() && steps.check-binaries.outcome == 'failure'
- if: always() && steps.save-output.outputs.report_contents
name: Create GitHub Issue indicating vulnerabilities
id: create-issue
uses: dacbd/create-issue-action@main
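Review bot: The `if:` on `create-issue` is the third copy of `always() && steps.save-output.outputs.report_contents`, which uses the whole report text as a boolean. Setting a dedicated output in `save-output` (a hypothetical `has_report=true`) and gating all three steps on it would keep the conditions in sync and easier to read. While this step is being touched, `uses: dacbd/create-issue-action@main` tracks a mutable branch; pinning it to a full commit SHA would stop upstream changes from running unreviewed in a job that can open issues.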