Only run steps if there are vulnerabilities
I thought that `exit 0` in the "Exit if No Vulnerabilities Found" step
would completely exit the workflow, but it doesn't! We need to check for
vulnerabilities before each step.
shanebonham committed Dec 18, 2024
1 parent d5ab21c commit 17b325a
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions action.yml
Expand Up @@ -22,25 +22,27 @@ runs:
- name: Exit if No Vulnerabilities Found
if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'false' }}
run: |
echo "No vulnerabilities found. Exiting workflow."
exit 0
echo "No vulnerabilities found."
shell: bash

- name: Save Audit Output to File
if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
run: |
jq -r . <<EOF > audit_output.txt
${{ steps.bundle_audit.outputs.audit_output }}
EOF
shell: bash

- name: Split Vulnerabilities
if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
run: |
cat audit_output.txt
awk '/^Name:/,/^Solution:/' audit_output.txt | csplit -f vuln - '/^Name:/' '{*}' > /dev/null || true
find . -name 'vuln*' -size 0 -delete
shell: bash

- name: Process Vulnerabilities and Create Asana Tasks
if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
env:
ASANA_TOKEN: ${{ inputs.asana_token }}
ASANA_PROJECT_ID: ${{ inputs.asana_project_id }}
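Review bot: in the "Save Audit Output to File" step, `${{ steps.bundle_audit.outputs.audit_output }}` is expanded directly into the `run:` script body inside an unquoted heredoc, so any `$(...)`, backticks or a line consisting of `EOF` in the audit output would be interpreted by bash instead of being written to the file; pass it through `env:` the way this hunk already passes the Asana credentials (`env: AUDIT_OUTPUT: ${{ steps.bundle_audit.outputs.audit_output }}` and `printf '%s\n' "$AUDIT_OUTPUT" | jq -r . > audit_output.txt`). Also, with `exit 0` removed the "Exit if No Vulnerabilities Found" step only prints a message, so its name no longer describes what it does; rename or drop it, and since the three following steps now each repeat the same `if:` check, a short comment noting that `exit 0` in a step does not stop the workflow (the point made in the commit message) would save the next reader the same surprise.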
