From 89fdc44e6605204bdc78d67b96401376d5eb7082 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Mon, 19 Feb 2024 18:18:56 +0100
Subject: [PATCH] fix: compare trivy scan results

---
 .github/actions/copacetic-action/pkg/patch/task.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/actions/copacetic-action/pkg/patch/task.go b/.github/actions/copacetic-action/pkg/patch/task.go
index 3d10b87..3d1945c 100644
--- a/.github/actions/copacetic-action/pkg/patch/task.go
+++ b/.github/actions/copacetic-action/pkg/patch/task.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log/slog"
 	"os"
+	"reflect"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"go.step.sm/crypto/randutil"
@@ -59,7 +60,11 @@ func Run(ctx context.Context, imageRef string, reg registry.Registry, imageTagSu
 		return t, nil
 	}
 
-	logger.Info("found patchable vulnerabilities", "vulnerabilites", report.Vulnerabilities())
+	logger.Info(
+		"found patchable vulnerabilities",
+		"scanned", imagePatch.Scanned,
+		"vulnerabilites", report.Vulnerabilities(),
+	)
 
 	buildId, err := randutil.Alphanumeric(5)
 	logger.Info("generated unique buildId", "buildId", buildId)
@@ -100,6 +105,10 @@ func Run(ctx context.Context, imageRef string, reg registry.Registry, imageTagSu
 		"original", report.Vulnerabilities(),
 		"patched", patchedReport.Vulnerabilities(),
 	)
+	if reflect.DeepEqual(report.Vulnerabilities(), patchedReport.Vulnerabilities()) {
+		logger.Warn("no vulnerabilties were fixed by running copa", "scannedImage", imagePatch.Scanned)
+		return t, nil
+	}
 
 	// Add labels to the newly built image
 	labels := map[string]string{
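Review bot: The structured-log attribute key on the added line `"vulnerabilites", report.Vulnerabilities(),` is misspelled, and the third hunk's new Warn message repeats the typo as "vulnerabilties"; these keys and messages are what log queries and alert rules match on, so a misspelling makes the events hard to find. Suggest `"vulnerabilities", report.Vulnerabilities(),` here and `"no vulnerabilities were fixed by running copa"` in the third hunk. The same image reference is also logged under `"scanned"` here and `"scannedImage"` in the third hunk; picking one key for both lines keeps the two events correlatable. Run's body begins and ends outside this hunk, and the `err` from `randutil.Alphanumeric` on the context line after it is not checked before use, though that is pre-existing.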
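Review bot: The new `reflect.DeepEqual(report.Vulnerabilities(), patchedReport.Vulnerabilities())` check is too coarse for deciding whether copa did anything: if `Vulnerabilities()` returns a slice (its type is not visible in this hunk), DeepEqual is order-sensitive and treats nil and an empty slice as different, so two scans of the same findings in a different order would pass the check and the image would proceed to be labelled as patched, while a genuine partial fix is also indistinguishable from a full one. A more robust comparison would key each finding by its identifier (sorted, or as a set) and log which IDs remain after patching, which both removes the ordering dependence and surfaces partial fixes; if `Vulnerabilities()` already returns a canonically ordered value, a one-line comment saying so would justify DeepEqual. The early `return t, nil` reports "nothing fixed" as success to the caller, which may be intended, but a comment such as `// Nothing changed: return the unmodified task so the caller does not publish an unpatched image as patched.` would make that contract explicit. Run continues past the end of this hunk.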