feat(docker-build-push): add step summary after trivy results

egose · Oct 24, 2024 · c2f58cb · c2f58cb
1 parent 059cd93
commit c2f58cb
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 4 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.4.0
+  rev: v5.0.0
   hooks:
   - id: check-added-large-files
   - id: check-case-conflict
@@ -19,8 +19,8 @@ repos:
   - id: forbid-submodules
   - id: trailing-whitespace
 - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-  rev: v2.7.0
+  rev: v2.14.0
   hooks:
   - id: pretty-format-yaml
     args: [--autofix, --indent, '2']
-default_stages: [commit]
+default_stages: [pre-commit]
diff --git a/docker-build-push/action.yml b/docker-build-push/action.yml
@@ -103,8 +103,22 @@ runs:
       output: trivy-results.json
 
   - name: Convert Trivy JSON report into sarif
+    if: ${{ inputs.trivy == 'true' }}
     run: |
       trivy convert --format sarif --output trivy-results.sarif trivy-results.json
+      trivy convert --format table --output trivy-results.table trivy-results.json
+
+      if [[ -s trivy-results.table ]]; then
+        {
+          echo "### Security Output"
+          echo "<details><summary>Click to expand</summary>"
+          echo ""
+          echo '```markdown'
+          cat trivy-results.table
+          echo '```'
+          echo "</details>"
+        } >> $GITHUB_STEP_SUMMARY
+      fi
     shell: bash
 
   - name: Upload Trivy scan results to GitHub Security tab

diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,2 @@
-pre-commit==3.8.0
+pre-commit==4.0.1
+setuptools==75.2.0