| author | Dave Henderson <dhenderson@gmail.com> | 2024-05-10 20:22:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-10 19:22:10 +0000 |
| commit | ecbd312e635dd133a3f62cab0f6bb51fda58152f (patch) | |
| tree | ef5e0876f6d647e16be1d48d88534b72e2694732 | |
| parent | edb83f87058e932fea87af5149f9b94798786f17 (diff) | |
build: attempt to fix trivy action config (#2061)
* build: attempt to fix trivy action config
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
* build: remove cc-test-reporter call
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
---------
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
| -rw-r--r-- | .github/workflows/build.yml | 14 | ||||
| -rw-r--r-- | .github/workflows/image-scan.yml | 9 |
2 files changed, 8 insertions, 15 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 20eff105..fe971c0f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -25,19 +25,7 @@ jobs:
 with:
 name: gomplate
 path: bin/gomplate
- - name: make test
- run: |
- [ -n "$CC_TEST_REPORTER_ID" ] && cc-test-reporter before-build
- make test
- EXIT_CODE=$?
-
- if [ -n "$CC_TEST_REPORTER_ID" ]; then
- # workaround from https://github.com/codeclimate/test-reporter/issues/378
- export PREFIX=$(go list -m)
- cc-test-reporter after-build -t gocov -p $PREFIX --exit-code $EXIT_CODE
- fi
- env:
- CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+ - run: make test
 - run: make integration
 windows-build:
 runs-on: windows-latest
diff --git a/.github/workflows/image-scan.yml b/.github/workflows/image-scan.yml
index 0de16618..78a4f2a3 100644
--- a/.github/workflows/image-scan.yml
+++ b/.github/workflows/image-scan.yml
@@ -34,10 +34,15 @@ jobs:
 image-ref: gomplate
 format: sarif
 output: trivy-results.sarif
- exit-code: 1
+ # exit-code: 1
 ignore-unfixed: true
 vuln-type: os,library
- severity: CRITICAL,HIGH
+ # The SARIF format ignores severity and uploads all vulnerabilities for
+ # later triage. The table-format step above is used to fail the build if
+ # there are any critical or high vulnerabilities.
+ # See https://github.com/aquasecurity/trivy-action/issues/95
+ # severity: 'CRITICAL,HIGH'
+ trivyignores: .trivyignore
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with: |
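Review bot: With `exit-code` commented out in the SARIF step of image-scan.yml, the job's only failure gate is the table-format step that the new comment points to, and that step is outside the hunk, so its settings cannot be checked from here (the SARIF step's own `with:` block also starts above the hunk). Confirm that the table step still carries `exit-code: 1` and `severity: CRITICAL,HIGH` and reads the same `trivyignores: .trivyignore`, otherwise the gate and the uploaded report will disagree. The comment's claim that the upload contains "all vulnerabilities" does not hold while `ignore-unfixed: true` and `trivyignores` are set on this step; I would reword it to `# Report-only: every severity is uploaded, minus unfixed findings and .trivyignore entries.` and delete the two commented-out keys instead of keeping dead config. Because `.trivyignore` now hides findings from the Security tab as well as from the gate, each entry in it should carry a reason and a review date.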
