From c2f58cbd9a4423fba66c4ab841b1539e4e9c66ac Mon Sep 17 00:00:00 2001
From: "j.dev"
Date: Wed, 23 Oct 2024 21:11:33 -0700
Subject: [PATCH] feat(docker-build-push): add step summary after trivy results
---
 .pre-commit-config.yaml | 6 +++---
 docker-build-push/action.yml | 14 ++++++++++++++
 requirements.txt | 3 ++-
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9629c5b..cb1be00 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v5.0.0
 hooks:
 - id: check-added-large-files
 - id: check-case-conflict
@@ -19,8 +19,8 @@ repos:
 - id: forbid-submodules
 - id: trailing-whitespace
 - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
- rev: v2.7.0
+ rev: v2.14.0
 hooks:
 - id: pretty-format-yaml
 args: [--autofix, --indent, '2']
-default_stages: [commit]
+default_stages: [pre-commit]
diff --git a/docker-build-push/action.yml b/docker-build-push/action.yml
index 84fe839..df01e68 100644
--- a/docker-build-push/action.yml
+++ b/docker-build-push/action.yml
@@ -103,8 +103,22 @@ runs:
 output: trivy-results.json
 - name: Convert Trivy JSON report into sarif
+ if: ${{ inputs.trivy == 'true' }}
 run: |
 trivy convert --format sarif --output trivy-results.sarif trivy-results.json
+ trivy convert --format table --output trivy-results.table trivy-results.json
+
+ if [[ -s trivy-results.table ]]; then
+ {
+ echo "### Security Output"
+ echo "
Click to expand"
+ echo ""
+ echo '```markdown'
+ cat trivy-results.table
+ echo '```'
+ echo "
"
+ } >> $GITHUB_STEP_SUMMARY
+ fi
 shell: bash
 - name: Upload Trivy scan results to GitHub Security tab
diff --git a/requirements.txt b/requirements.txt
index 1509fe7..975f1e3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
-pre-commit==3.8.0
+pre-commit==4.0.1
+setuptools==75.2.0
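Review bot: The full Trivy table is appended to `$GITHUB_STEP_SUMMARY` in the "Convert Trivy JSON report into sarif" step, and a step summary is readable by anyone who can view the workflow run, whereas code scanning alerts from the SARIF upload are by default visible only to users with write access. For callers of this action in public repositories that would publish the image's unpatched findings, so consider making the summary opt-in through its own input, or writing only per-severity counts. The redirect target should also be quoted, `} >> "$GITHUB_STEP_SUMMARY"`, and a large report can exceed the 1 MiB per-step summary limit, in which case the summary upload fails. The Upload step that follows continues outside the hunk, so whether it carries the same `if:` condition cannot be checked from here.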