mirror of https://github.com/docker/buildx.git
Merge pull request #2643 from crazy-max/fix-govulncheck
hack: ensure SARIF output has results field defined for govulncheck
This commit is contained in:
commit
38a8261f05
|
@ -6,6 +6,7 @@ ARG FORMAT="text"
|
|||
|
||||
FROM golang:${GO_VERSION}-alpine AS base
|
||||
WORKDIR /go/src/github.com/docker/buildx
|
||||
RUN apk add --no-cache jq moreutils
|
||||
ARG GOVULNCHECK_VERSION
|
||||
RUN --mount=type=cache,target=/root/.cache \
|
||||
--mount=type=cache,target=/go/pkg/mod \
|
||||
|
@ -17,6 +18,12 @@ RUN --mount=type=bind,target=. <<EOT
|
|||
set -ex
|
||||
mkdir /out
|
||||
govulncheck -format ${FORMAT} ./... | tee /out/govulncheck.out
|
||||
if [ "${FORMAT}" = "sarif" ]; then
|
||||
# Make sure "results" field is defined in SARIF output otherwise GitHub Code Scanning
|
||||
# will fail when uploading report with "Invalid SARIF. Missing 'results' array in run."
|
||||
# Relates to https://github.com/golang/vuln/blob/ffdef74cc44d7eb71931d8d414c478b966812488/internal/sarif/sarif.go#L69
|
||||
jq '(.runs[] | select(.results == null) | .results) |= []' /out/govulncheck.out | tee >(sponge /out/govulncheck.out)
|
||||
fi
|
||||
EOT
|
||||
|
||||
FROM scratch AS output
|
||||
|
|
Loading…
Reference in New Issue