Mercurial > p > roundup > code
comparison .github/workflows/anchore.yml @ 7044:619563fbe2d3
Fix version identofier for Anchore scan
use anything on v3. Also dump serif output file. Also add id and
use ${{ steps.scan.outputs.sarif }} rather than hardcoded file name
to match example.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 07 Nov 2022 19:18:30 -0500 |
| parents | 02321d2c8458 |
| children | 7442bc16724f |
comparison
equal
deleted
inserted
replaced
| 7043:02321d2c8458 | 7044:619563fbe2d3 |
|---|---|
| 38 - name: Checkout the code | 38 - name: Checkout the code |
| 39 uses: actions/checkout@v3 | 39 uses: actions/checkout@v3 |
| 40 - name: Build the Docker image | 40 - name: Build the Docker image |
| 41 run: docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest | 41 run: docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest |
| 42 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled | 42 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
| 43 uses: anchore/scan-action@3.3.1 | 43 uses: anchore/scan-action@v3 |
| 44 id: scan | |
| 44 with: | 45 with: |
| 45 image: "localbuild/testimage:latest" | 46 image: "localbuild/testimage:latest" |
| 46 acs-report-enable: true | 47 acs-report-enable: true |
| 47 fail-build: false | 48 fail-build: false |
| 48 - name: Upload Anchore Scan Report | 49 - name: Upload Anchore Scan Report |
| 49 uses: github/codeql-action/upload-sarif@v2 | 50 uses: github/codeql-action/upload-sarif@v2 |
| 50 with: | 51 with: |
| 51 sarif_file: results.sarif | 52 sarif_file: ${{ steps.scan.outputs.sarif }} |
| 53 - name: Inspect action SARIF report | |
| 54 run: cat ${{ steps.scan.outputs.sarif }} |