@@ -46,14 +46,11 @@ jobs:
4646
4747 - uses : ' actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a' # ratchet:actions/setup-node@v4
4848 with :
49- node-version : ' 20.x '
49+ node-version-file : ' package.json '
5050
5151 - name : ' npm build'
5252 run : ' npm ci && npm run build'
5353
54- - name : ' npm lint'
55- run : ' npm run lint'
56-
5754 - uses : ' google-github-actions/auth@v2' # ratchet:exclude
5855 with :
5956 workload_identity_provider : ' projects/251902844862/locations/global/workloadIdentityPools/github/providers/my-repo'
6663 permissions :
6764 contents : ' read'
6865 id-token : ' write'
66+
6967 runs-on : ' ubuntu-latest'
7068
7169 env :
7674
7775 - uses : ' actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a' # ratchet:actions/setup-node@v4
7876 with :
79- node-version : ' 20.x '
77+ node-version-file : ' package.json '
8078
8179 - name : ' npm build'
8280 run : ' npm ci && npm run build'
@@ -98,14 +96,17 @@ jobs:
9896 ignore_violations : ' false'
9997 fail_silently : ' false'
10098 scan_timeout : ' 1m'
99+
101100 - name : ' Check scan result and compare sarif report generated.'
102- run : |
103- report_expected="tests/resources/sarif.json"
104- report_generated="${{ steps.violations-found.outputs.iac_scan_result_sarif_path }}"
105- if cmp -s "$report_expected" "$report_generated"; then
101+ env :
102+ REPORT_GENERATED : ' ${{ steps.violations-found.outputs.iac_scan_result_sarif_path }}'
103+ SCAN_RESULT : ' ${{ steps.violations-found.outputs.iac_scan_result }}'
104+ run : |-
105+ REPORT_EXPECTED="tests/resources/sarif.json"
106+ if cmp -s "${REPORT_EXPECTED}" "${REPORT_GENERATED}"; then
106107 exit 1
107108 fi
108- if [ "${{ steps.violations-found.outputs.iac_scan_result } }" != "passed" ]; then
109+ if [ "${SCAN_RESULT }" != "passed" ]; then
109110 exit 1
110111 fi
111112
@@ -117,14 +118,17 @@ jobs:
117118 scan_file_ref : ' tests/resources/no-violations-tf_plan.json'
118119 iac_type : ' terraform'
119120 failure_criteria : ' CRITICAL:2, Operator:OR'
121+
120122 - name : ' Check scan result and report not generated.'
121- run : |
122- report_expected="tests/resources/zero_violations_sarif.json"
123- report_generated="${{ steps.no-violations-found.outputs.iac_scan_result_sarif_path }}"
124- if cmp -s "$report_expected" "$report_generated"; then
123+ env :
124+ REPORT_GENERATED : ' ${{ steps.no-violations-found.outputs.iac_scan_result_sarif_path }}'
125+ SCAN_RESULT : ' ${{ steps.no-violations-found.outputs.iac_scan_result }}'
126+ run : |-
127+ REPORT_EXPECTED="tests/resources/zero_violations_sarif.json"
128+ if cmp -s "${REPORT_EXPECTED}" "${REPORT_GENERATED}"; then
125129 exit 1
126130 fi
127- if [ "${{ steps.no-violations-found.outputs.iac_scan_result } }" != "passed" ]; then
131+ if [ "${SCAN_RESULT }" != "passed" ]; then
128132 exit 1
129133 fi
130134
@@ -138,12 +142,16 @@ jobs:
138142 iac_type : ' terraform'
139143 failure_criteria : ' HIGH:1, Operator:OR'
140144 continue-on-error : true
145+
141146 - name : ' Check scan result and action build status'
142- run : |
143- if [ "${{ steps.failure-criteria-satisfied.outputs.iac_scan_result }}" != "failed" ]; then
147+ env :
148+ SCAN_RESULT : ' ${{ steps.failure-criteria-satisfied.outputs.iac_scan_result }}'
149+ SCAN_ERROR : ' ${{ steps.failure-criteria-satisfied.outcome }}'
150+ run : |-
151+ if [ "${SCAN_RESULT}" != "failed" ]; then
144152 exit 1
145153 fi
146- if [ "${{ steps.failure-criteria-satisfied.outcome }} " != "failure"]; then
154+ if [ "${SCAN_ERROR} " != "failure" ]; then
147155 exit 1
148156 fi
149157
@@ -157,9 +165,12 @@ jobs:
157165 iac_type : ' terraform'
158166 ignore_violations : ' true'
159167 failure_criteria : ' HIGH:1, Operator:OR'
168+
160169 - name : ' Check scan result'
161- run : |
162- if [ "${{ steps.failure-criteria-satisfied-ignore-violations-true.outputs.iac_scan_result }}" != "failed" ]; then
170+ env :
171+ SCAN_RESULT : ' ${{ steps.failure-criteria-satisfied-ignore-violations-true.outputs.iac_scan_result }}'
172+ run : |-
173+ if [ "${SCAN_RESULT}" != "failed" ]; then
163174 exit 1
164175 fi
165176
@@ -172,12 +183,16 @@ jobs:
172183 scan_file_ref : ' tests/resources/with-violations-tf_plan.json'
173184 iac_type : ' terraform'
174185 continue-on-error : true
186+
175187 - name : ' Check scan result and build status'
176- run : |
177- if [ "${{ steps.action-internal-error.outputs.iac_scan_result }}" != "error" ]; then
188+ env :
189+ SCAN_RESULT : ' ${{ steps.action-internal-error.outputs.iac_scan_result }}'
190+ SCAN_ERROR : ' ${{ steps.action-internal-error.outcome }}'
191+ run : |-
192+ if [ "${SCAN_RESULT}" != "error" ]; then
178193 exit 1
179194 fi
180- if [ "${{ steps.action-internal-error.outcome } }" != "failure" ]; then
195+ if [ "${SCAN_ERROR }" != "failure" ]; then
181196 exit 1
182197 fi
183198
@@ -189,8 +204,11 @@ jobs:
189204 scan_file_ref : ' tests/resources/with-violations-tf_plan.json'
190205 iac_type : ' terraform'
191206 fail_silently : ' true'
192- - name : Check scan result
193- run : |
194- if [ "${{ steps.action-internal-error-fail-silently-true.outputs.iac_scan_result }}" != "error" ]; then
207+
208+ - name : ' Check scan result'
209+ env :
210+ SCAN_RESULT : ' ${{ steps.action-internal-error-fail-silently-true.outputs.iac_scan_result }}'
211+ run : |-
212+ if [ "${SCAN_RESULT}" != "error" ]; then
195213 exit 1
196214 fi
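Review bot: In the step 'Check scan result and compare sarif report generated.', the rewritten `if cmp -s "${REPORT_EXPECTED}" "${REPORT_GENERATED}"; then` followed by `exit 1` fails the job when the two reports are identical and lets it pass whenever `cmp` returns non-zero, including when `REPORT_GENERATED` is empty or the file is missing, so this test of the scanner can succeed without a SARIF file ever being written. If the generated report is meant to exist and match the fixture, the condition would need to be `if ! cmp -s "${REPORT_EXPECTED}" "${REPORT_GENERATED}"; then`; if a difference is expected for a reason the page does not show, a preceding `[ -s "${REPORT_GENERATED}" ] || exit 1` would at least assert that the file was produced. The `cmp` line in 'Check scan result and report not generated.' has the same shape, and a comment there such as `# a report equal to the zero-violations fixture means one was generated unexpectedly` would record which outcome is intended. Every check in these run blocks also exits without output, so an `echo` naming the expected and actual value before each `exit 1` would make a failed run diagnosable from the log.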