Update post release scans

OpenC3 · Aug 21, 2023 · 228d2c4 · 228d2c4
1 parent bce4796
commit 228d2c4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 23 deletions.
diff --git a/.github/workflows/post_release_clamav.yml b/.github/workflows/post_release_clamav.yml
@@ -25,6 +25,8 @@ jobs:
           ruby-version: 3.2
           bundler-cache: false # runs 'bundle install' and caches installed gems automatically
           working-directory: openc3
+      - name: Create clamav_results folder
+        run: mkdir scripts/release/clamav_results
       - name: Get current date
         id: date
         run: echo "::set-output name=date::$(date -u '+%m_%d_%y_%H_%M_%S')"
@@ -33,34 +35,37 @@ jobs:
         shell: 'script -q -e -c "bash {0}"'
         run: ./scripts/release/clamav_setup.sh
       - name: ClamAV scan image ruby
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-ruby:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-ruby:${{ github.event.inputs.version }} pull clamav_results/openc3-ruby.txt
         working-directory: scripts/release
       - name: ClamAV scan image node
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-node:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-node:${{ github.event.inputs.version }} pull clamav_results/openc3-node.txt
         working-directory: scripts/release
       - name: ClamAV scan image base
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-base:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-base:${{ github.event.inputs.version }} pull clamav_results/openc3-base.txt
         working-directory: scripts/release
       - name: ClamAV scan image init
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-init:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-init:${{ github.event.inputs.version }} pull clamav_results/openc3-cosmos-init.txt
         working-directory: scripts/release
       - name: ClamAV scan image redis
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-redis:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-redis:${{ github.event.inputs.version }} pull clamav_results/openc3-redis.txt
         working-directory: scripts/release
       - name: ClamAV scan image minio
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-minio:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-minio:${{ github.event.inputs.version }} pull clamav_results/openc3-minio.txt
         working-directory: scripts/release
       - name: ClamAV scan image operator
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-operator:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-operator:${{ github.event.inputs.version }} pull clamav_results/openc3-operator.txt
         working-directory: scripts/release
       - name: ClamAV scan image cmd-tlm-api
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.event.inputs.version }} pull clamav_results/openc3-cosmos-cmd-tlm-api.txt
         working-directory: scripts/release
       - name: ClamAV scan image script-runner-api
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.event.inputs.version }} pull clamav_results/openc3-cosmos-script-runner-api.txt
         working-directory: scripts/release
       - name: ClamAV scan image traefik
-        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-traefik:${{ github.event.inputs.version }} pull clamav_results.txt
+        run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-traefik:${{ github.event.inputs.version }} pull clamav_results/openc3-traefik.txt
+        working-directory: scripts/release
+      - name: Create zip of clamav results
+        run: zip -r clamav_results.zip clamav_results
         working-directory: scripts/release
       - name: Upload release attachment
         uses: actions/github-script@v4
@@ -81,6 +86,6 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               release_id: release.data.id,
-              name: "${{ steps.date.outputs.date }}_clamav_results_v${{ github.event.inputs.version }}.txt",
-              data: await fs.readFileSync("scripts/release/clamav_results.txt")
+              name: "${{ steps.date.outputs.date }}_clamav_results_v${{ github.event.inputs.version }}.zip",
+              data: await fs.readFileSync("scripts/release/clamav_results.zip")
             });
diff --git a/.github/workflows/post_release_trivy.yml b/.github/workflows/post_release_trivy.yml
@@ -39,7 +39,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-ruby:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-ruby.sbom.json"
       - name: Run Trivy on image node
         uses: aquasecurity/trivy-action@master
@@ -55,7 +55,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-node:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-node.sbom.json"
       - name: Run Trivy on image base
         uses: aquasecurity/trivy-action@master
@@ -71,7 +71,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-base:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-base.sbom.json"
       - name: Run Trivy on image cosmos-init
         uses: aquasecurity/trivy-action@master
@@ -87,7 +87,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-cosmos-init:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-cosmos-init.sbom.json"
       - name: Run Trivy on image redis
         uses: aquasecurity/trivy-action@master
@@ -103,7 +103,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-redis:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-redis.sbom.json"
       - name: Run Trivy on image minio
         uses: aquasecurity/trivy-action@master
@@ -119,7 +119,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-minio:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-minio.sbom.json"
       - name: Run Trivy on image operator
         uses: aquasecurity/trivy-action@master
@@ -135,7 +135,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-operator:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-operator.sbom.json"
       - name: Run Trivy on image cmd-tlm-api
         uses: aquasecurity/trivy-action@master
@@ -151,7 +151,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-cosmos-cmd-tlm-api.sbom.json"
       - name: Run Trivy on image script-runner-api
         uses: aquasecurity/trivy-action@master
@@ -167,7 +167,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-cosmos-script-runner-api.sbom.json"
       - name: Run Trivy on image traefik
         uses: aquasecurity/trivy-action@master
@@ -183,7 +183,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "docker.io/openc3inc/openc3-traefik:${{ github.event.inputs.version }}"
-          format: "github"
+          format: "cyclonedx"
           output: "sbom/openc3-traefik.sbom.json"
       - name: Create zip of trivy results
         run: zip -r trivy_results.zip trivy_results

diff --git a/scripts/release/clamav_scan_image.rb b/scripts/release/clamav_scan_image.rb
@@ -88,7 +88,12 @@
         end
 
         # Do the ClamAV scan!
-        clam_output, _ = Open3.capture2e("docker run --rm -v clamav:/var/lib/clamav -v \"#{temp_dir}/container#{index}:/scanme:ro\" clamav/clamav clamscan -ri /scanme")
+        if output_file == STDOUT
+          clam_output, _ = Open3.capture2e("docker run --rm -v clamav:/var/lib/clamav -v \"#{temp_dir}/container#{index}:/scanme:ro\" clamav/clamav clamscan -ri /scanme")
+        else
+          # List all files
+          clam_output, _ = Open3.capture2e("docker run --rm -v clamav:/var/lib/clamav -v \"#{temp_dir}/container#{index}:/scanme:ro\" clamav/clamav clamscan -r /scanme")
+        end
         output_file.puts clam_output
         output_file.puts
         clam_output.each_line do |line|