docker
/
buildx
mirror of https://github.com/docker/buildx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2643 from crazy-max/fix-govulncheck 

hack: ensure SARIF output has results field defined for govulncheck
This commit is contained in:
CrazyMax 2024-08-09 10:55:12 +02:00 committed by GitHub
parent 6467a86427 a3e6f4be15
commit 38a8261f05
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hack/dockerfiles/govulncheck.Dockerfile
View File

@ -6,6 +6,7 @@ ARG FORMAT="text"
FROM golang:${GO_VERSION}-alpine AS base FROM golang:${GO_VERSION}-alpine AS base
WORKDIR /go/src/github.com/docker/buildx WORKDIR /go/src/github.com/docker/buildx
RUN apk add --no-cache jq moreutils
ARG GOVULNCHECK_VERSION ARG GOVULNCHECK_VERSION
RUN --mount=type=cache,target=/root/.cache \ RUN --mount=type=cache,target=/root/.cache \
--mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/go/pkg/mod \
@ -17,6 +18,12 @@ RUN --mount=type=bind,target=. <<EOT
set -ex set -ex
mkdir /out mkdir /out
govulncheck -format ${FORMAT} ./... | tee /out/govulncheck.out govulncheck -format ${FORMAT} ./... | tee /out/govulncheck.out
if [ "${FORMAT}" = "sarif" ]; then
# Make sure "results" field is defined in SARIF output otherwise GitHub Code Scanning
# will fail when uploading report with "Invalid SARIF. Missing 'results' array in run."
# Relates to https://github.com/golang/vuln/blob/ffdef74cc44d7eb71931d8d414c478b966812488/internal/sarif/sarif.go#L69
jq '(.runs[] | select(.results == null) | .results) |= []' /out/govulncheck.out | tee >(sponge /out/govulncheck.out)
fi
EOT EOT
FROM scratch AS output FROM scratch AS output