From 17b325aac5c554cd013c3a687222b8bcb45ebdda Mon Sep 17 00:00:00 2001
From: Shane Bonham
Date: Tue, 17 Dec 2024 16:28:12 -0800
Subject: [PATCH] Only run steps if there are vulnerabilities

I thought that `exit 0` in the "Exit if No Vulnerabilities Found" step would completely exit the workflow, but it doesn't! We need to check for vulnerabilities before each step.
---
 action.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index e9a2b55..a4094bf 100644
--- a/action.yml
+++ b/action.yml
@@ -22,11 +22,11 @@ runs:
 - name: Exit if No Vulnerabilities Found
 if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'false' }}
 run: |
- echo "No vulnerabilities found. Exiting workflow."
- exit 0
+ echo "No vulnerabilities found."
 shell: bash

 - name: Save Audit Output to File
+ if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
 run: |
 jq -r . < audit_output.txt
 ${{ steps.bundle_audit.outputs.audit_output }}
@@ -34,6 +34,7 @@ runs:
 shell: bash

 - name: Split Vulnerabilities
+ if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
 run: |
 cat audit_output.txt
 awk '/^Name:/,/^Solution:/' audit_output.txt | csplit -f vuln - '/^Name:/' '{*}' > /dev/null || true
@@ -41,6 +42,7 @@ runs:
 shell: bash

 - name: Process Vulnerabilities and Create Asana Tasks
+ if: ${{ steps.bundle_audit.outputs.has_vulnerabilities == 'true' }}
 env:
 ASANA_TOKEN: ${{ inputs.asana_token }}
 ASANA_PROJECT_ID: ${{ inputs.asana_project_id }}
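Review bot: In the Save Audit Output to File step, `${{ steps.bundle_audit.outputs.audit_output }}` is expanded into the `run:` script text before bash parses it, so whatever the audit step printed (gem names, advisory titles, URLs) becomes part of the script instead of data; the added `if:` does not change that. Passing the value through the environment, as the Process Vulnerabilities step already does for its inputs, keeps it out of the script: add `env:` with `AUDIT_OUTPUT: ${{ steps.bundle_audit.outputs.audit_output }}` and read it with `jq -r . <<< "$AUDIT_OUTPUT" > audit_output.txt`. The redirect on the visible `jq` line looks truncated on this page and the step body continues outside the hunk, so the exact command should be checked against the file.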
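Review bot: The guard added to Split Vulnerabilities, and the identical line in the first and third hunks, runs the step only when `has_vulnerabilities` is exactly `'true'`, while the message step runs only on `'false'`. If the `bundle_audit` step (outside this diff) ever leaves the output unset or writes some other value, every step is skipped and the action finishes successfully without reporting anything. A step placed right after the audit with `if: ${{ steps.bundle_audit.outputs.has_vulnerabilities != 'true' && steps.bundle_audit.outputs.has_vulnerabilities != 'false' }}` and `run: exit 1` would make that case fail visibly. A one-line comment above the first guard, `# has_vulnerabilities is the string 'true' or 'false', set by the bundle_audit step`, would also record why the same condition is repeated on each step.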