fix filtering when there are no issues
julienp committed Dec 17, 2024
1 parent 22f39b9 commit 3300a20
Showing 1 changed file with 20 additions and 10 deletions.
30 changes: 20 additions & 10 deletions .github/workflows/snyk-scan.yml
Expand Up @@ -38,9 +38,11 @@ jobs:
image: ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64
args: --severity-threshold=high --file=docker/pulumi/Dockerfile
- name: Filter Sarif File
# GitHub Code Scanning does not allow more than 20 runs per file. We filter out empty runs to avoid this limit.
# GitHub Code Scanning does not allow more than 20 runs per file. We
# filter out empty runs to avoid this limit. Note that the file needs to
# include at least one run.
run: |
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); sarif["runs"] = [run for run in sarif["runs"] if len(run["results"]) > 0]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); runs = [run for run in sarif["runs"] if len(run["results"]) > 0]; sarif["runs"] = runs if len(runs) > 0 else [sarif["runs"][0]]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand All @@ -67,9 +69,11 @@ jobs:
image: ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}-amd64
args: --severity-threshold=high --file=docker/pulumi/Dockerfile
- name: Filter Sarif File
# GitHub Code Scanning does not allow more than 20 runs per file. We filter out empty runs to avoid this limit.
# GitHub Code Scanning does not allow more than 20 runs per file. We
# filter out empty runs to avoid this limit. Note that the file needs to
# include at least one run.
run: |
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); sarif["runs"] = [run for run in sarif["runs"] if len(run["results"]) > 0]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); runs = [run for run in sarif["runs"] if len(run["results"]) > 0]; sarif["runs"] = runs if len(runs) > 0 else [sarif["runs"][0]]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand Down Expand Up @@ -97,9 +101,11 @@ jobs:
image: ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os }}-${{ matrix.arch }}
args: --severity-threshold=high --file=docker/base/Dockerfile.${{ matrix.os }} --platform=linux/${{ matrix.arch }}
- name: Filter Sarif File
# GitHub Code Scanning does not allow more than 20 runs per file. We filter out empty runs to avoid this limit.
# GitHub Code Scanning does not allow more than 20 runs per file. We
# filter out empty runs to avoid this limit. Note that the file needs to
# include at least one run.
run: |
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); sarif["runs"] = [run for run in sarif["runs"] if len(run["results"]) > 0]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); runs = [run for run in sarif["runs"] if len(run["results"]) > 0]; sarif["runs"] = runs if len(runs) > 0 else [sarif["runs"][0]]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand Down Expand Up @@ -140,9 +146,11 @@ jobs:
image: ${{ env.IMAGE_NAME }}
args: --severity-threshold=high --file=docker/${{ matrix.sdk }}/Dockerfile.debian --platform=linux/${{ matrix.arch }}
- name: Filter Sarif File
# GitHub Code Scanning does not allow more than 20 runs per file. We filter out empty runs to avoid this limit.
# GitHub Code Scanning does not allow more than 20 runs per file. We
# filter out empty runs to avoid this limit. Note that the file needs to
# include at least one run.
run: |
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); sarif["runs"] = [run for run in sarif["runs"] if len(run["results"]) > 0]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); runs = [run for run in sarif["runs"] if len(run["results"]) > 0]; sarif["runs"] = runs if len(runs) > 0 else [sarif["runs"][0]]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand All @@ -169,9 +177,11 @@ jobs:
image: ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi
args: --severity-threshold=high --file=docker/${{ matrix.sdk }}/Dockerfile.ubi --platform=linux/amd64
- name: Filter Sarif File
# GitHub Code Scanning does not allow more than 20 runs per file. We filter out empty runs to avoid this limit.
# GitHub Code Scanning does not allow more than 20 runs per file. We
# filter out empty runs to avoid this limit. Note that the file needs to
# include at least one run.
run: |
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); sarif["runs"] = [run for run in sarif["runs"] if len(run["results"]) > 0]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
python -c 'import json; sarif = json.loads(open("snyk.sarif").read()); runs = [run for run in sarif["runs"] if len(run["results"]) > 0]; sarif["runs"] = runs if len(runs) > 0 else [sarif["runs"][0]]; open("out.sarif", "w").write(json.dumps(sarif, indent=2))'
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
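Review bot: The new fallback `[sarif["runs"][0]]` in the Filter Sarif File step assumes Snyk always writes at least one run and that every run carries a `results` key; if either assumption fails, the step dies with a bare IndexError or KeyError instead of a message saying the scan output was unusable. A scan that produced no runs at all is worth failing on explicitly, because an opaque traceback is easy to misread as a tooling glitch and re-run until green. The identical one-liner is repeated in all five jobs of this file, so the guard is easiest to keep consistent if the filter is written once in a readable form (a heredoc as below, or a small script checked into the repository) rather than as a `python -c` string. Separately, dropping empty runs does not by itself keep the file under the 20-run limit if more than 20 runs report findings; the visible lines do not show whether that can happen here.

```yaml
- name: Filter Sarif File
  # … unchanged: comment explaining the 20-run limit …
  run: |
    python - <<'EOF'
    import json
    import sys

    with open("snyk.sarif") as src:
        sarif = json.load(src)

    all_runs = sarif.get("runs") or []
    if not all_runs:
        sys.exit("snyk.sarif contains no runs; refusing to upload an empty scan")

    # Keep only runs with findings; Code Scanning needs at least one run,
    # so fall back to the first (empty) run when nothing was reported.
    with_findings = [run for run in all_runs if run.get("results")]
    sarif["runs"] = with_findings or all_runs[:1]

    with open("out.sarif", "w") as dst:
        json.dump(sarif, dst, indent=2)
    EOF
```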