diff --git a/.github/actions/copacetic-action/pkg/image/scan.go b/.github/actions/copacetic-action/pkg/image/scan.go
index 35f3fbf..f2fba5a 100644
--- a/.github/actions/copacetic-action/pkg/image/scan.go
+++ b/.github/actions/copacetic-action/pkg/image/scan.go
@@ -4,8 +4,10 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"os/exec"
+	"slices"
 
 	"github.com/aquasecurity/trivy/pkg/types"
 )
@@ -30,6 +32,16 @@ func (r *Report) Vulnerabilities() []types.DetectedVulnerability {
 	return vulnerabilities
 }
 
+func VulnerabilitiesIdsSorted(vulns []types.DetectedVulnerability) []string {
+	result := []string{}
+	for _, v := range vulns {
+		id := fmt.Sprintf("%s-%s-%s", v.VulnerabilityID, v.PkgName, v.InstalledVersion)
+		result = append(result, id)
+	}
+	slices.Sort(result)
+	return result
+}
+
 type CmdErr struct {
 	Err error
 	Stdout []byte
diff --git a/.github/actions/copacetic-action/pkg/patch/task.go b/.github/actions/copacetic-action/pkg/patch/task.go
index 3d1945c..aedbb71 100644
--- a/.github/actions/copacetic-action/pkg/patch/task.go
+++ b/.github/actions/copacetic-action/pkg/patch/task.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"log/slog"
 	"os"
-	"reflect"
+	"slices"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"go.step.sm/crypto/randutil"
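Review bot: VulnerabilitiesIdsSorted is exported without a doc comment, and its composite key joins the three fields with `-`, a character that already occurs inside CVE/GHSA identifiers, package names and version strings, so two distinct (ID, package, version) triples can in principle collapse to the same key and make two differing scan results compare equal. Use a separator that cannot appear in those fields, e.g. `id := fmt.Sprintf("%s|%s|%s", v.VulnerabilityID, v.PkgName, v.InstalledVersion)`, and add `// VulnerabilitiesIdsSorted returns one "vulnID|pkg|version" key per detected vulnerability, sorted, for stable before/after comparison.` above the function. Because InstalledVersion is part of the key, a package that copa bumps to a version still affected by the same ID will compare as "changed" rather than "unfixed"; if the caller's intent is to warn when nothing was actually fixed, it may want to key on VulnerabilityID and PkgName only. The result slice could also be pre-sized with `result := make([]string, 0, len(vulns))`.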
@@ -105,8 +105,16 @@ func Run(ctx context.Context, imageRef string, reg registry.Registry, imageTagSu
 		"original", report.Vulnerabilities(),
 		"patched", patchedReport.Vulnerabilities(),
 	)
-	if reflect.DeepEqual(report.Vulnerabilities(), patchedReport.Vulnerabilities()) {
-		logger.Warn("no vulnerabilties were fixed by running copa", "scannedImage", imagePatch.Scanned)
+
+	if slices.Equal(
+		image.VulnerabilitiesIdsSorted(report.Vulnerabilities()),
+		image.VulnerabilitiesIdsSorted(patchedReport.Vulnerabilities()),
+	) {
+		logger.Warn("no vulnerabilties were fixed by running copa",
+			"scannedImage", imagePatch.Scanned,
+			"scanned", image.VulnerabilitiesIdsSorted(report.Vulnerabilities()),
+			"patched", image.VulnerabilitiesIdsSorted(patchedReport.Vulnerabilities()),
+		)
 		return t, nil
 	}