Skip to content

Commit

Permalink
Merge pull request #264 from Yubico/scan_no_creds
Browse files Browse the repository at this point in the history 
Do not attempt scan if missing docker registry credentials
  • Loading branch information
Gabriel Kihlman committed Sep 7, 2020
2 parents 0b27308 + 3083d30 commit 0f9aef9
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions .github/workflows/scan.yml
View file
Expand Up @@ -9,6 +9,7 @@ env:
SCAN_IMG:
yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1
PVS_IGNORE_WARNINGS: "V1037,V1048"
SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}

jobs:
build:
Expand All @@ -17,18 +18,19 @@ jobs:
steps:
- uses: actions/checkout@master

- name: Prep scan
run: |
docker login yubico-yes-docker-local.jfrog.io/ \
-u svc-static-code-analysis-reader \
-p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
docker pull ${SCAN_IMG}
- name: Scan but do not fail on warnings
run: |
docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
-e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \
-e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG} || true
if [ "${SECRET}" != "" ]; then
docker login yubico-yes-docker-local.jfrog.io/ \
-u svc-static-code-analysis-reader -p ${SECRET}
docker pull ${SCAN_IMG}
docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
-e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \
-e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG}
else
echo "No docker registry credentials, not scanning"
fi
continue-on-error: true

- uses: actions/upload-artifact@master
if: failure()
Expand Down

0 comments on commit 0f9aef9

Please sign in to comment.