From 15cfe9b17d56be841cc79a6417e1973ddf226787 Mon Sep 17 00:00:00 2001
From: erzz
Date: Fri, 18 Oct 2024 14:47:53 +0200
Subject: [PATCH] fix: add an output containing a pass/fail result
---
 action.yaml | 5 +++++
 entrypoint.sh | 24 +++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/action.yaml b/action.yaml
index aad6fdd..f603712 100644
--- a/action.yaml
+++ b/action.yaml
@@ -107,6 +107,10 @@ inputs:
 description: 'skip calling the setup-trivy action to install trivy'
 required: false
 default: 'false'
+outputs:
+ result:
+ description: "Result of the Trivy scan according to the parameters supplied. One of 'pass', 'fail'"
+ value: ${{ steps.trivy.outputs.result }}
 runs:
 using: 'composite'
@@ -177,6 +181,7 @@ runs:
 set_env_var_if_provided "TRIVY_DOCKER_HOST" "${{ inputs.docker-host }}" ""
 - name: Run Trivy
+ id: trivy
 shell: bash
 run: entrypoint.sh
 env:
diff --git a/entrypoint.sh b/entrypoint.sh
index 3f72462..a3514e5 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -38,6 +38,10 @@ if [ "${TRIVY_FORMAT:-}" = "sarif" ]; then
 fi
 fi
+# Ignore TRIVY_EXIT_CODE until formulation of action's output is finalized
+export inputExitCode="$TRIVY_EXIT_CODE"
+export TRIVY_EXIT_CODE=1
+
 # Run Trivy
 cmd=(trivy "$scanType" "$scanRef")
 echo "Running Trivy with options: ${cmd[*]}"
@@ -54,4 +58,22 @@ if [ "${TRIVY_FORMAT:-}" = "github" ]; then
 fi
 fi
-exit $returnCode
\ No newline at end of file
+# return an output based on result whilst honoring exit-code input
+case $inputExitCode$returnCode in
+ 00)
+ echo "result=pass" >> "$GITHUB_OUTPUT" # No findings
+ exit 0
+ ;;
+ 10)
+ echo "result=pass" >> "$GITHUB_OUTPUT" # No findings
+ exit 0
+ ;;
+ 01)
+ echo "result=fail" >> "$GITHUB_OUTPUT" # Findings present but TRIVY_EXIT_CODE=0
+ exit 0
+ ;;
+ 11)
+ echo "result=fail" >> "$GITHUB_OUTPUT" # Findings present and TRIVY_EXIT_CODE=1
+ exit 1
+ ;;
+esac
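Review bot: The description of `result` in the new `outputs` block does not say what a consumer sees when the scan step ends without writing the output, and "according to the parameters supplied" leaves it unclear whether `exit-code` changes the value. Going by the `case` added to entrypoint.sh in this patch, `fail` is written whenever findings are reported, even when the step exits 0. I would spell that out, for example `description: "'pass' when Trivy reports no findings, 'fail' when it does (independent of exit-code); empty if the scan step did not complete"`, so that workflows gating on this output treat an empty value as a failure rather than a pass.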
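Review bot: `export inputExitCode="$TRIVY_EXIT_CODE"` expands the variable without a default, so if the `exit-code` input was never exported (that depends on code outside this hunk) the script either aborts under `set -u`, if it is enabled, or builds a one-character key that the `case` added at the end of the file does not match. `export inputExitCode="${TRIVY_EXIT_CODE:-0}"` avoids both. Separately, forcing `TRIVY_EXIT_CODE=1` makes a findings result share return code 1 with what is presumably Trivy's own error exit, so with `exit-code: 0` a scan that crashed would be reported as `result=fail` with exit status 0 instead of failing the step. A sentinel value that Trivy does not otherwise return would keep the two cases apart.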
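Review bot: The new `case $inputExitCode$returnCode in` has no default branch, so any key other than `00`, `10`, `01` or `11` falls through and the script ends with status 0 and no `result` written. That includes an `exit-code` input other than 0 or 1 and any return code above 1, both of which the removed `exit $returnCode` used to propagate. For a job used as a security gate this fails open; at minimum add a branch that fails closed before `esac`, e.g. `*) echo "unexpected exit-code/return code: $inputExitCode/$returnCode" >&2; exit 1 ;;`, and quote the case word as `"$inputExitCode$returnCode"`. Honouring other `exit-code` values properly would need the result to be keyed on `$returnCode` alone, with the user's value used only for the final `exit`.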