
Commit c96dc8c

vuln scan github summary
1 parent f8e8c69 commit c96dc8c


1 file changed

+21
-3
lines changed


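--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -308,6 +308,24 @@ jobs:
 ) >> $GITHUB_STEP_SUMMARY
 fi
 
+exit $RESULT
+- name: Scan for Vulnerabilities
+id: scan
+shell: bash
+env:
+NODE_OPTIONS: "--max_old_space_size=4096"
+JAVA_HOME: /home/gitpod/.sdkman/candidates/java/current
+VERSION: ${{needs.configuration.outputs.version}}
+PR_NO_CACHE: ${{needs.configuration.outputs.build_no_cache}}
+PR_NO_TEST: ${{needs.configuration.outputs.build_no_test}}
+NPM_AUTH_TOKEN: "${{ secrets.NPM_AUTH_TOKEN }}"
+PUBLISH_TO_NPM: ${{ needs.configuration.outputs.publish_to_npm == 'true' || needs.configuration.outputs.is_main_branch == 'true' }}
+JB_MARKETPLACE_PUBLISH_TOKEN: "${{ secrets.JB_MARKETPLACE_PUBLISH_TOKEN }}"
+PUBLISH_TO_JBPM: ${{ needs.configuration.outputs.publish_to_jbmp == 'true' || needs.configuration.outputs.is_main_branch == 'true' }}
+CODECOV_TOKEN: "${{ secrets.CODECOV_TOKEN }}"
+LEEWAY_REMOTE_CACHE_BUCKET: ${{needs.configuration.outputs.leeway_cache_bucket}}
+IMAGE_REPO_BASE: ${{needs.configuration.outputs.image_repo_base}}/build
+run: |
 sboms_dir=$(mktemp -d)
 CI= leeway -v sbom export --with-dependencies --output-dir "$sboms_dir" \
 -Dversion=$VERSION \
@@ -335,19 +353,19 @@ jobs:
 echo "leeway_vulnerability_reports_dir=$scans_dir"
 } >> $GITHUB_OUTPUT
 
-exit $RESULT
+cat "$scans_dir/vulnerability-summary.md" >> $GITHUB_STEP_SUMMARY
 - name: Upload SBOMs
 uses: actions/upload-artifact@v4
 if: success()
 with:
 name: sboms
-path: ${{ steps.leeway.outputs.leeway_sboms_dir }}
+path: ${{ steps.scan.outputs.leeway_sboms_dir }}
 - name: Upload vulnerability reports
 uses: actions/upload-artifact@v4
 if: success()
 with:
 name: vulnerability-reports
-path: ${{ steps.leeway.outputs.leeway_vulnerability_reports_dir }}
+path: ${{ steps.scan.outputs.leeway_vulnerability_reports_dir }}
 - name: Tag the release
 if: github.ref == 'refs/heads/main'
 run: |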
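Review bot: The new `Scan for Vulnerabilities` step exports `NPM_AUTH_TOKEN`, `JB_MARKETPLACE_PUBLISH_TOKEN` and `CODECOV_TOKEN` through its `env:` block, yet the visible commands only run `leeway sbom export` with `$VERSION` and append the scan summary, so the publish credentials look unnecessary here. The middle of the `run:` script lies outside both hunks, so a use may exist there; if none does, drop those three lines together with `PUBLISH_TO_NPM` and `PUBLISH_TO_JBPM` so the scanner and any tool it spawns run without publish rights. What remains can carry a comment such as `# scan step: no publish or upload secrets needed`. Separately, the step now ends with `cat "$scans_dir/vulnerability-summary.md" >> $GITHUB_STEP_SUMMARY`, so a missing summary file would presumably fail the step and skip both `if: success()` uploads; guarding it with `[ -f "$scans_dir/vulnerability-summary.md" ] &&` keeps the reports available.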
