Commit e43710f

fix: only upload SARIF files when they exist
Scanning tools (Hadolint, Dockle, Trivy, Grype) may fail without creating SARIF output files. Upload steps were failing with "Path does not exist" errors when trying to upload non-existent files.

Changes:
- Add hashFiles() check to all SARIF upload conditions
- Add continue-on-error to Grype scan steps
- Remove unnecessary 'exit 0' from Hadolint and Dockle steps

This prevents upload failures when scanning tools don't produce output files.

Fixes SARIF upload errors in PR #1166

Signed-off-by: Manav Gupta <[email protected]>
1 parent b8bc595 commit e43710f

1 file changed

+8
-8
lines changed

.github/workflows/docker-image.yml

Lines changed: 8 additions & 8 deletions
@@ -72,11 +72,10 @@ jobs:
7272
run: |
7373
curl -sSL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint
7474
chmod +x /usr/local/bin/hadolint
75-
hadolint -f sarif Containerfile.lite > hadolint-results.sarif
75+
hadolint -f sarif Containerfile.lite > hadolint-results.sarif || true
7676
echo "HADOLINT_EXIT=$?" >> "$GITHUB_ENV"
77-
exit 0
7877
- name: ☁️ Upload Hadolint SARIF
79-
if: always()
78+
if: always() && hashFiles('hadolint-results.sarif') != ''
8079
uses: github/codeql-action/upload-sarif@v3
8180
with:
8281
sarif_file: hadolint-results.sarif
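Review bot: In the Hadolint run block, `echo "HADOLINT_EXIT=$?"` now follows `... > hadolint-results.sarif || true`, so `$?` is always 0 and HADOLINT_EXIT no longer carries hadolint's real status. Capture it explicitly, for example `rc=0; hadolint -f sarif Containerfile.lite > hadolint-results.sarif || rc=$?`, then echo `HADOLINT_EXIT=$rc`. Separately, the `>` redirection creates hadolint-results.sarif before hadolint runs, so `hashFiles('hadolint-results.sarif') != ''` is true even when the tool crashed and left an empty file; a `[ -s hadolint-results.sarif ]` check that deletes the empty file would make the new guard effective for this step.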
@@ -147,11 +146,10 @@ jobs:
147146
| tar -xz -C /usr/local/bin dockle
148147
dockle --exit-code 1 --format sarif \
149148
--output dockle-results.sarif \
150-
$IMAGE_NAME:latest
149+
$IMAGE_NAME:latest || true
151150
echo "DOCKLE_EXIT=$?" >> "$GITHUB_ENV"
152-
exit 0
153151
- name: ☁️ Upload Dockle SARIF
154-
if: always()
152+
if: always() && hashFiles('dockle-results.sarif') != ''
155153
uses: github/codeql-action/upload-sarif@v3
156154
with:
157155
sarif_file: dockle-results.sarif
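Review bot: In the Dockle run block, `--exit-code 1` asks dockle to report findings through its exit status, but `$IMAGE_NAME:latest || true` discards that status, so the following `echo "DOCKLE_EXIT=$?"` always writes 0. If DOCKLE_EXIT is consumed later, initialise `rc=0`, use `|| rc=$?` and echo `$rc`; if nothing reads it, drop both the echo and `--exit-code 1` so the step does not suggest a gate that is not there. Quoting the image reference as `"$IMAGE_NAME:latest"` would also be safer.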
@@ -180,7 +178,7 @@ jobs:
180178
severity: CRITICAL
181179
exit-code: 0
182180
- name: ☁️ Upload Trivy SARIF
183-
if: always() && env.TRIVY_ENABLED == 'true'
181+
if: always() && env.TRIVY_ENABLED == 'true' && hashFiles('trivy-results.sarif') != ''
184182
uses: github/codeql-action/upload-sarif@v3
185183
with:
186184
sarif_file: trivy-results.sarif
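Review bot: On the Trivy upload condition, `hashFiles('trivy-results.sarif') != ''` combined with the scan's `exit-code: 0` means a Trivy run that wrote no report is skipped silently and the job stays green, which looks the same as a clean scan in the checks list. Consider a follow-up step with the inverse condition (`hashFiles('trivy-results.sarif') == ''`) that emits a `::warning::` annotation, so a missing report is visible to whoever reviews the run.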
@@ -189,13 +187,15 @@ jobs:
189187
run: |
190188
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
191189
- name: 🔍 Grype vulnerability scan
190+
continue-on-error: true
192191
run: |
193192
grype ${{ env.IMAGE_NAME }}:latest --scope all-layers --only-fixed
194193
- name: 📄 Generating Grype SARIF report
194+
continue-on-error: true
195195
run: |
196196
grype ${{ env.IMAGE_NAME }}:latest --scope all-layers --output sarif --file grype-results.sarif
197197
- name: ☁️ Upload Grype SARIF
198-
if: always()
198+
if: always() && hashFiles('grype-results.sarif') != ''
199199
uses: github/codeql-action/upload-sarif@v3
200200
with:
201201
sarif_file: grype-results.sarif
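Review bot: `continue-on-error: true` on both the Grype scan step and the SARIF generation step hides tool failures rather than findings: neither command passes `--fail-on`, so a non-zero exit here means grype itself errored, not that it reported vulnerabilities. Together with the `hashFiles('grype-results.sarif') != ''` guard, such an error leaves the job green with nothing uploaded to code scanning. Suggest giving the two steps an `id` and adding a final step that checks `steps.<id>.outcome == 'failure'` and emits a warning, plus a short YAML comment stating why errors are tolerated.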
