comparison .github/workflows/anchore.yml @ 7116:86dae713d4c6
Try to make anchore failure fail build but upload results
The actions page shows all runs as successful despite anchore opening
three security errors. I am trying to get the build for anchore to
fail but still upload its SARIF report and to cat the SARIF report.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 28 Dec 2022 19:08:43 -0500 |
| parents | 7442bc16724f |
| children | 572d1a9f875c |
| 7115:ddc007819528 | 7116:86dae713d4c6 |
|---|---|
| 42 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled | 42 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
| 43 uses: anchore/scan-action@v3 | 43 uses: anchore/scan-action@v3 |
| 44 id: scan | 44 id: scan |
| 45 with: | 45 with: |
| 46 image: "localbuild/testimage:latest" | 46 image: "localbuild/testimage:latest" |
| 47 fail-build: false | 47 fail-build: true |
| 48 - name: Upload Anchore Scan Report | 48 - name: Upload Anchore Scan Report |
| 49 if: always() | |
| 49 uses: github/codeql-action/upload-sarif@v2 | 50 uses: github/codeql-action/upload-sarif@v2 |
| 50 with: | 51 with: |
| 51 sarif_file: ${{ steps.scan.outputs.sarif }} | 52 sarif_file: ${{ steps.scan.outputs.sarif }} |
| 52 - name: Inspect action SARIF report | 53 - name: Inspect action SARIF report |
| 54 if: always() | |
| 53 run: cat ${{ steps.scan.outputs.sarif }} | 55 run: cat ${{ steps.scan.outputs.sarif }} |
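
Review bot: The `if: always()` conditions added on new lines 49 and 54 also fire when the run is cancelled or when a step before `scan` fails, and in that case `steps.scan.outputs.sarif` is empty, so both the upload and the `cat` run without a report path. Consider `if: ${{ !cancelled() && steps.scan.outputs.sarif != '' }}` on both steps, which still runs them after a `fail-build: true` failure but only when a report exists. On new line 55, passing the path through `env:` and quoting it (`cat "$SARIF"`) would avoid interpolating the expression directly into the shell line.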
