improve path collision fix

canonical · Nov 22, 2024 · 3b24449 · 3b24449
1 parent 5c299a5
commit 3b24449
Showing 1 changed file with 23 additions and 14 deletions.
diff --git a/.github/workflows/Vulnerability-Scan.yaml b/.github/workflows/Vulnerability-Scan.yaml
@@ -25,7 +25,7 @@ on:
 
 env:
   VULNERABILITY_REPORT_SUFFIX: ".vulnerability-report.json" # TODO: inherit string from caller
-  TEST_IMAGE_NAME: "test-img-vscan"
+  TEST_IMAGE_NAME: "test-img"
   TEST_IMAGE_TAG: "test"
   SKOPEO_IMAGE: "quay.io/skopeo/stable:v1.15.1"
   TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
@@ -36,44 +36,53 @@ jobs:
     runs-on: ubuntu-22.04
     name: Vulnerability scan
     outputs:
-      vulnerability-report: ${{ steps.configure.outputs.name }}
+      oci-image: ${{ steps.configure.outputs.oci-filename }}
+      vulnerability-report: ${{ steps.configure.outputs.report-filename }}
     steps:
       # - uses: actions/checkout@v4
       - id: configure
         run: |
-          full_name="${{ inputs.oci-image-name }}${{ env.VULNERABILITY_REPORT_SUFFIX }}"
-          final_name="$(echo ${full_name} | sed 's/ghcr.io\/canonical\/oci-factory\///g' | tr ':' '_')"
-          echo "name=$final_name" >> "$GITHUB_OUTPUT"
+          oci_filename="$(echo "${{ inputs.oci-image-name }}" \
+            | sed 's/ghcr.io\/canonical\/oci-factory\///g' | tr ':' '_')"
+
+          echo "oci-filename=$oci_filename" >> "$GITHUB_OUTPUT"
+          echo "report-filename=$oci_filename${{ env.VULNERABILITY_REPORT_SUFFIX }}" >> "$GITHUB_OUTPUT"
+
 
-      - name: Copy image to Docker daemon
-        id: to-docker-daemon
-        run: |
-          d_img_name="${{ env.TEST_IMAGE_NAME }}:${{ env.TEST_IMAGE_TAG }}"
-          echo "name=$d_img_name" >> "$GITHUB_OUTPUT"
           if [[ "${{ inputs.cache-key }}" != "" ]]
           then
             source=oci:${{ env.TEST_IMAGE_NAME }} 
           else
             source=docker://${{ inputs.oci-image-name }}
           fi
+
           docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
             -v $PWD:/workdir -w /workdir \
             ${{ env.SKOPEO_IMAGE }} \
             copy $source \
-            oci-archive:${{ env.TEST_IMAGE_NAME }} 
+            oci-archive:
+
+          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
+            -v $PWD:/workdir -w /workdir \
+            ${{ env.SKOPEO_IMAGE }} \
+            inspect --format='{{ .Digest }}' oci-archive:${{ env.TEST_IMAGE_NAME }} > image_info.json
+
+            mv $(cat digest)
+
 
       - uses: actions/upload-artifact@v4
         if: ${{ !cancelled() }}
         with:
-          name: ${{ env.TEST_IMAGE_NAME }} 
-          path: ${{ env.TEST_IMAGE_NAME }} 
+          name: ${{ steps.configure.outputs.oci-filename}} 
+          path: ${{ steps.configure.outputs.oci-filename }} 
+          retention-days: 1
 
   test-vulnerabilities:
     name: Run tests for released images
     uses: ./.github/workflows/Test-Rock.yaml
     needs: [configure]
     with:
-      oci-archive-name: "test-img-vscan"
+      oci-archive-name: ${{ needs.configure.outputs.oci-image }} 
       test-oci-compliance: false
       test-efficiency: false
       test_malware: false