Debug ci pipeline 2 (#153)

* Fix more ci pipeline yaml * Rework snyk reporting to Kosli
cyber-dojo · Feb 29, 2024 · 8e6c4e1 · 8e6c4e1
1 parent 0cb0210
commit 8e6c4e1
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 36 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -177,29 +177,22 @@ jobs:
       - name: Setup Snyk
         uses: snyk/actions/setup@master
 
-      - name: Run Snyk to check Docker image for vulnerabilities
-        continue-on-error: true
+      - name: Run Snyk container scan and report results to Kosli Trail
+        env:
+          KOSLI_ATTACHMENTS: /tmp/kosli_attachments
         run: |
-          KOSLI_ATTACHMENTS=/tmp/kosli
-          rm -rf "${KOSLI_ATTACHMENTS}" || true
-          mkdir -p "${KOSLI_ATTACHMENTS}"
           cp .snyk "${KOSLI_ATTACHMENTS}"
           
-          snyk container test "${IMAGE_NAME}" 
-            --file=Dockerfile
-            --sarif
-            --sarif-file-output=snyk.container.scan.json 
+          set +e          
+          snyk container test "${IMAGE_NAME}" \
+            --file=Dockerfile \
+            --sarif \
+            --sarif-file-output=snyk.container.scan.json \
             --policy-path=.snyk | tee "${KOSLI_ATTACHMENTS}/snyk.container.scan.log
+          set -e
 
-      - name: Attest Snyk results to Kosli Trail
-        run: |
-          env | grep KOSLI_ATTACHMENTS || true 
-          KOSLI_ATTACHMENTS=/tmp/kosli
-          ls -al /tmp
-          ls -al "${KOSLI_ATTACHMENTS}"
-          
-          kosli attest snyk "${IMAGE_NAME}" 
-            --name=dashboard.snyk-container-scan 
+          kosli attest snyk "${IMAGE_NAME}" \
+            --name=dashboard.snyk-container-scan \
             --scan-results=snyk.container.scan.json
 
 

diff --git a/.github/workflows/main_staging.yml b/.github/workflows/main_staging.yml
@@ -167,29 +167,22 @@ jobs:
       - name: Setup Snyk
         uses: snyk/actions/setup@master
 
-      - name: Run Snyk to check Docker image for vulnerabilities
-        continue-on-error: true
+      - name: Run Snyk container scan and report results to Kosli Trail
+        env:
+          KOSLI_ATTACHMENTS: /tmp/kosli_attachments
         run: |
-          KOSLI_ATTACHMENTS=/tmp/kosli
-          rm -rf "${KOSLI_ATTACHMENTS}" || true
-          mkdir -p "${KOSLI_ATTACHMENTS}"
           cp .snyk "${KOSLI_ATTACHMENTS}"
           
-          snyk container test "${IMAGE_NAME}" 
-            --file=Dockerfile
-            --sarif
-            --sarif-file-output=snyk.container.scan.json 
+          set +e          
+          snyk container test "${IMAGE_NAME}" \
+            --file=Dockerfile \
+            --sarif \
+            --sarif-file-output=snyk.container.scan.json \
             --policy-path=.snyk | tee "${KOSLI_ATTACHMENTS}/snyk.container.scan.log
+          set -e
 
-      - name: Attest Snyk results to Kosli Trail
-        run: |
-          env | grep KOSLI_ATTACHMENTS || true           
-          KOSLI_ATTACHMENTS=/tmp/kosli
-          ls -al /tmp
-          ls -al "${KOSLI_ATTACHMENTS}"
-          
-          kosli attest snyk "${IMAGE_NAME}" 
-            --name=dashboard.snyk-container-scan 
+          kosli attest snyk "${IMAGE_NAME}" \
+            --name=dashboard.snyk-container-scan \
             --scan-results=snyk.container.scan.json