Fix govluncheck sarif upload (#6086)

* test if govulncheck will fail on sarif upload, if there is no issue * test if it will skip if there is a results key in the json * check if sarif file has results in image promotion workflow --------- Co-authored-by: Jakub Jarosz <[email protected]>
nginx · Jul 29, 2024 · fc0904a · fc0904a
1 parent 22206e1
commit fc0904a
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
@@ -133,8 +133,18 @@ jobs:
           output-format: sarif
           output-file: govulncheck.sarif
 
+      - name: Check SARIF file
+        id: check-sarif
+        run: |
+          if [ -s govulncheck.sarif ] && grep -q '"results":' govulncheck.sarif; then
+            echo "sarif_has_results=true" >> $GITHUB_OUTPUT
+          else
+            echo "sarif_has_results=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+        if: steps.check-sarif.outputs.sarif_has_results == 'true'
         with:
           sarif_file: govulncheck.sarif