fix: add an output containing a pass/fail result

erzz · Oct 18, 2024 · 15cfe9b · 15cfe9b
1 parent fc1500a
commit 15cfe9b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/action.yaml b/action.yaml
@@ -107,6 +107,10 @@ inputs:
     description: 'skip calling the setup-trivy action to install trivy'
     required: false
     default: 'false'
+outputs:
+  result:
+    description: "Result of the Trivy scan according to the parameters supplied. One of 'pass', 'fail'"
+    value: ${{ steps.trivy.outputs.result }}
 
 runs:
   using: 'composite'
@@ -177,6 +181,7 @@ runs:
         set_env_var_if_provided "TRIVY_DOCKER_HOST" "${{ inputs.docker-host }}" ""
 
     - name: Run Trivy
+      id: trivy
       shell: bash
       run: entrypoint.sh
       env:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -38,6 +38,10 @@ if [ "${TRIVY_FORMAT:-}" = "sarif" ]; then
   fi
 fi
 
+# Ignore TRIVY_EXIT_CODE until formulation of action's output is finalized
+export inputExitCode="$TRIVY_EXIT_CODE"
+export TRIVY_EXIT_CODE=1
+
 # Run Trivy
 cmd=(trivy "$scanType" "$scanRef")
 echo "Running Trivy with options: ${cmd[*]}"
@@ -54,4 +58,22 @@ if [ "${TRIVY_FORMAT:-}" = "github" ]; then
   fi
 fi
 
-exit $returnCode
+# return an output based on result whilst honoring exit-code input
+case $inputExitCode$returnCode in
+  00)
+    echo "result=pass" >> "$GITHUB_OUTPUT" # No findings
+    exit 0
+    ;;
+  10)
+    echo "result=pass" >> "$GITHUB_OUTPUT" # No findings
+    exit 0
+    ;;
+  01)
+    echo "result=fail" >> "$GITHUB_OUTPUT" # Findings present but TRIVY_EXIT_CODE=0 
+    exit 0
+    ;;
+  11)
+    echo "result=fail" >> "$GITHUB_OUTPUT" # Findings present and TRIVY_EXIT_CODE=1
+    exit 1
+    ;;
+esac