diff --git a/.github/scan/action.yml b/.github/scan/action.yml
deleted file mode 100644
index fde7f94c..00000000
--- a/.github/scan/action.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright (c) 2024 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-name: 'Aqua Security Trivy'
-description: 'Scans container images for vulnerabilities with Trivy without building the image. For use behind firewalls.'
-author: 'tyler.titsworth@intel.com'
-inputs:
- image-ref:
- description: 'image reference(for backward compatibility)'
- required: true
- output:
- description: 'writes results to a file with the specified file name'
- required: true
-runs:
- using: 'docker'
- image: "docker://ghcr.io/aquasecurity/trivy"
- entrypoint: trivy
- args:
- - '--timeout=30m'
- - image
- - '--format=sarif'
- - '--no-progress'
- - '--output=${{ inputs.output }}'
- - ${{ inputs.image-ref }}
diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
index 85e80c20..ad99a4a3 100644
--- a/.github/workflows/container-ci.yaml
+++ b/.github/workflows/container-ci.yaml
@@ -159,10 +159,14 @@ jobs:
 - name: Pull Image
 run: docker pull ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
 - name: Scan Container
- uses: intel/ai-containers/.github/scan@main
+ uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
 with:
+ cache: true
+ format: sarif
+ github-pat: ${{ secrets.GITHUB_TOKEN }}
 image-ref: ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
 output: ${{ matrix.container }}-scan.sarif
+ timeout: 30m0s
 - name: Cleanup
 if: always()
 run: docker rmi -f ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
index 3d1ba36b..183f0149 100644
--- a/.github/workflows/integration-test.yaml
+++ b/.github/workflows/integration-test.yaml
@@ -88,16 +88,15 @@ jobs:
 id: summary
 shell: bash
 run: |
- SUMMARY=$(find . -maxdepth 3 -name '*summary.json' -print)
+ SUMMARY=$(find . -maxdepth 1 -name '*summary.json' -print)
 if [[ -n "$SUMMARY" ]]; then
- echo "summary=$SUMMARY" >> "$GITHUB_OUTPUT"
- echo "Files matching the pattern test-runner-summary*.json found in the directory"
- summary_dir=$(dirname "$SUMMARY")
- jq -s '[.[] | .[]]' $summary_dir/*summary.json > combined.json
+ echo "summary=true" >> $GITHUB_OUTPUT
+ echo "Files matching the pattern ./*summary.json"
+ jq -s '[.[] | .[]]' ./*summary.json > combined.json
 echo "Files found in the directory"
 else
- echo "summary=false" >> "$GITHUB_OUTPUT"
- echo "No files matching the pattern test-runner-summary*.json found in the directory"
+ echo "summary=false" >> $GITHUB_OUTPUT
+ echo "No files matching the pattern ./*summary.json"
 fi
 - name: Generate TXT file
 if: ${{ steps.summary.outputs.summary != 'false' }}
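Review bot: The added `github-pat: ${{ secrets.GITHUB_TOKEN }}` input sits next to `format: sarif`, and as far as I can tell from trivy-action's documented inputs `github-pat` is only consumed when results are sent to the GitHub Dependency Graph (`format: github`), so here the job token is handed to the action with no effect. Unless it serves a purpose not visible in the hunk, drop the line; if it must stay, put a comment above it saying what the action uses it for so the next reader does not have to guess. The token's effective scope is set by the job's `permissions:` block, which is outside the hunk, so if the input is kept confirm that block grants only what the scan and the later SARIF upload need. The SHA-pinned `uses:` with the `# v0.28.0` tag comment is the right shape and should be kept that way on future bumps.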
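Review bot: The rewritten `echo "summary=true" >> $GITHUB_OUTPUT` and `echo "summary=false" >> $GITHUB_OUTPUT` lines drop the quotes the removed lines had around `$GITHUB_OUTPUT`, so the redirect target is now subject to word splitting and globbing if the runner's temp path ever contains spaces or glob characters, and shellcheck (SC2086) will flag both. Restore them as `echo "summary=true" >> "$GITHUB_OUTPUT"` and `echo "summary=false" >> "$GITHUB_OUTPUT"`. The new `jq -s '[.[] | .[]]' ./*summary.json > combined.json` is guarded by the `[[ -n "$SUMMARY" ]]` test above it, so an unexpanded glob cannot reach jq; that part is fine. The step containing this `run:` block begins before the hunk, so its `name:` and any `if:` are not visible here.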
@@ -118,7 +117,7 @@ jobs:
 fi
 } >> output.txt
 - name: PR-comment
- if: ${{ steps.summary.outputs.summary == 'true' }}
+ if: ${{ steps.summary.outputs.summary != 'false' }}
 uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
 with:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
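Review bot: Loosening the PR-comment gate to `if: ${{ steps.summary.outputs.summary != 'false' }}` makes it true not only when the summary step wrote `summary=true` but also when the output is empty — an unset step output compares as the empty string — which happens if the summary step was skipped or exited before reaching its `echo ... >> $GITHUB_OUTPUT`; the previous `== 'true'` only fired on the explicit success path. Since the summary step in this same commit now emits exactly the literals `true` and `false`, `== 'true'` states the intent precisely, so I would keep `if: ${{ steps.summary.outputs.summary == 'true' }}` here and tighten the `Generate TXT file` step's `!= 'false'` to match rather than loosening this one. Whether the summary step can in fact be skipped depends on its own `if:` and error handling, which are outside this hunk.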