Add Caching to scan-container (#463)

Signed-off-by: tylertitsworth <[email protected]> Signed-off-by: jafraustro <[email protected]>
intel · Oct 21, 2024 · 3e8afb8 · 3e8afb8
1 parent dfd2076
commit 3e8afb8
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 44 deletions.
diff --git a/.github/scan/action.yml b/.github/scan/action.yml
diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
@@ -159,10 +159,14 @@ jobs:
     - name: Pull Image
       run: docker pull ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
     - name: Scan Container
-      uses: intel/ai-containers/.github/scan@main
+      uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
       with:
+        cache: true
+        format: sarif
+        github-pat: ${{ secrets.GITHUB_TOKEN }}
         image-ref: ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
         output: ${{ matrix.container }}-scan.sarif
+        timeout: 30m0s
     - name: Cleanup
       if: always()
       run: docker rmi -f ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}

diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
@@ -88,16 +88,15 @@ jobs:
       id: summary
       shell: bash
       run: |
-        SUMMARY=$(find . -maxdepth 3 -name '*summary.json' -print)
+        SUMMARY=$(find . -maxdepth 1 -name '*summary.json' -print)
         if [[ -n "$SUMMARY" ]]; then
-          echo "summary=$SUMMARY" >> "$GITHUB_OUTPUT"
-          echo "Files matching the pattern test-runner-summary*.json found in the directory"
-          summary_dir=$(dirname "$SUMMARY")
-          jq -s '[.[] | .[]]' $summary_dir/*summary.json > combined.json
+          echo "summary=true" >> $GITHUB_OUTPUT
+          echo "Files matching the pattern ./*summary.json"
+          jq -s '[.[] | .[]]' ./*summary.json > combined.json
           echo "Files found in the directory"
         else
-          echo "summary=false" >> "$GITHUB_OUTPUT"
-          echo "No files matching the pattern test-runner-summary*.json found in the directory"
+          echo "summary=false" >> $GITHUB_OUTPUT
+          echo "No files matching the pattern ./*summary.json"
         fi
     - name: Generate TXT file
       if: ${{ steps.summary.outputs.summary != 'false' }}
@@ -118,7 +117,7 @@ jobs:
           fi
         } >> output.txt
     - name: PR-comment
-      if: ${{ steps.summary.outputs.summary == 'true' }}
+      if: ${{ steps.summary.outputs.summary != 'false' }}
       uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
       with:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}