From 5c685ec0bc8d18f9faa540cb66837c326176c541 Mon Sep 17 00:00:00 2001
From: saisatishkarra
Date: Thu, 22 Aug 2024 01:47:11 -0500
Subject: [PATCH] fix grype db logging condition
---
 security-actions/sca/action.yml | 24 ++++++++---------
 security-actions/scan-docker-image/action.yml | 27 +++++++++----------
 2 files changed, 25 insertions(+), 26 deletions(-)
diff --git a/security-actions/sca/action.yml b/security-actions/sca/action.yml
index 28dbad9a..bbfcc26b 100644
--- a/security-actions/sca/action.yml
+++ b/security-actions/sca/action.yml
@@ -149,25 +149,25 @@ runs:
 echo "::group::Grype DB Status Check"
 grype db check -vv || db_check_status=$?
 if [[ "${db_check_status}" -eq 0 ]]; then
- echo "::notice :: Grype DB is already up-to-date"
+ echo "::notice ::Grype DB is already up-to-date"
 fi
 echo "::endgroup::"
- echo "::group:: Update Grype DB"
+ echo "::group::Update Grype DB"
 if [[ "${db_check_status}" -ne 0 ]] || [[ ${FORCE_GRYPE_DB_UPDATE} == "true" ]]; then
 grype db update -vv || db_update_status=$?
- fi
- if [[ "${db_update_status}" -ne 0 ]]; then
- GRYPE_DB_UPDATE_MSG="Grype DB updates was not successful. SCA / CVE Grype results might be skipped / unavailable due to DB issues"
- if [[ ${FAIL_BUILD} -eq 1 ]]; then
- echo "::error ::${GRYPE_DB_UPDATE_MSG}"
- exit ${FAIL_BUILD}
- elif [[ $FAIL_BUILD -eq 0 ]]; then
- echo "::warning ::${GRYPE_DB_UPDATE_MSG}"
+ if [[ "${db_update_status}" -ne 0 ]]; then
+ GRYPE_DB_UPDATE_MSG="Grype DB updates was not successful. SCA / CVE Grype results might be skipped / unavailable due to DB issues"
+ if [[ ${FAIL_BUILD} -eq 1 ]]; then
+ echo "::error ::${GRYPE_DB_UPDATE_MSG}"
+ exit ${FAIL_BUILD}
+ elif [[ $FAIL_BUILD -eq 0 ]]; then
+ echo "::warning ::${GRYPE_DB_UPDATE_MSG}"
+ fi
+ else
+ echo "::notice ::Grype DB is updated succesfully"
 fi
- else
- echo "::notice :: Grype DB is updated succesfully"
 fi
 echo "::endgroup::"
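Review bot: A failed `grype db update` is reported only when `FAIL_BUILD` is exactly 0 or 1; the `if`/`elif` pair inside the new nested block has no fallback, so any other numeric value lets the step continue with no annotation while the scan runs against a stale or missing vulnerability database, and an empty result then reads as a clean one. Replacing the `elif [[ $FAIL_BUILD -eq 0 ]]; then` arm with a plain `else` makes every non-failing configuration still emit the `::warning ::` line. The same block is added in the security-actions/scan-docker-image/action.yml hunk. Where `FAIL_BUILD` is set lies outside the hunk, so whether other values can reach this code should be confirmed there.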
diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml
index 0be9cb73..eb52ebc2 100644
--- a/security-actions/scan-docker-image/action.yml
+++ b/security-actions/scan-docker-image/action.yml
@@ -154,25 +154,24 @@ runs:
 echo "::group::Grype DB Status Check"
 grype db check -vv || db_check_status=$?
 if [[ "${db_check_status}" -eq 0 ]]; then
- echo "::notice :: Grype DB is already up-to-date"
+ echo "::notice ::Grype DB is already up-to-date"
 fi
 echo "::endgroup::"
- echo "::group:: Update Grype DB"
+ echo "::group::Update Grype DB"
 if [[ "${db_check_status}" -ne 0 ]] || [[ ${FORCE_GRYPE_DB_UPDATE} == "true" ]]; then
- grype db update -vv || db_update_status=$?
- fi
-
- if [[ "${db_update_status}" -ne 0 ]]; then
- GRYPE_DB_UPDATE_MSG="Grype DB updates was not successful. SCA / CVE Grype results might be skipped / unavailable due to DB issues"
- if [[ ${FAIL_BUILD} -eq 1 ]]; then
- echo "::error ::${GRYPE_DB_UPDATE_MSG}"
- exit ${FAIL_BUILD}
- elif [[ $FAIL_BUILD -eq 0 ]]; then
- echo "::warning ::${GRYPE_DB_UPDATE_MSG}"
+ grype db update -vv || db_update_status=$?
+ if [[ "${db_update_status}" -ne 0 ]]; then
+ GRYPE_DB_UPDATE_MSG="Grype DB updates was not successful. SCA / CVE Grype results might be skipped / unavailable due to DB issues"
+ if [[ ${FAIL_BUILD} -eq 1 ]]; then
+ echo "::error ::${GRYPE_DB_UPDATE_MSG}"
+ exit ${FAIL_BUILD}
+ elif [[ $FAIL_BUILD -eq 0 ]]; then
+ echo "::warning ::${GRYPE_DB_UPDATE_MSG}"
+ fi
+ else
+ echo "::notice ::Grype DB is updated succesfully"
 fi
- else
- echo "::notice :: Grype DB is updated succesfully"
 fi
 echo "::endgroup::"
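Review bot: `db_check_status` and `db_update_status` are assigned only on the failure path (`grype db ... || var=$?`), and no initialisation is visible in this hunk, so the success branches depend on bash evaluating an empty operand of `-eq`/`-ne` as 0. Unless both are already set above the hunk, adding `db_check_status=0` and `db_update_status=0` before the two grype calls makes the success case explicit and keeps the step working if it is ever run with `set -u`. The security-actions/sca/action.yml hunk has the same pattern.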