[feature] Add input grype-version (#228)

* Added input grype-version Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Added test of specific version Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Added specific version Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Added flag to no fail Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Updated outdated Actions Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Removed debug input Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Removed debug from tests Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Removed debug from tests Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Typo fix Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * chore(deps): update Grype to v0.63.0 (#225) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * add oss community board auto-add workflow (#231) Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> * Merge witn main Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Update demo.yml with checkout@v4 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Update sarifdemo.yml with checkout@v4 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Update test.yml with checkout@v4 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Fix of default for grype_version Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Update semver from 6.3.0 to 6.3.1 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Revert update semver from 6.3.0 to 6.3.1 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Audid fix Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Dist Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Set the Grype version to download v0.73.1 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Updated tests Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Rebuild Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Set timeout 50000 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> * Bump @babel/traverse from 7.22.8 to 7.23.4 Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> --------- Signed-off-by: Viacheslav Kudinov <viacheslav@kudinov.tech> Signed-off-by: Viacheslav Kudinov <viacheslavkudinov@VK-MacBook-Pro-14-M1.local> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · Nov 20, 2023 · 69f27a5 · 69f27a5
1 parent 557686c
commit 69f27a5
Show file tree

Hide file tree

Showing 7 changed files with 263 additions and 111 deletions.
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
@@ -10,7 +10,6 @@ jobs:
       - uses: ./
         with:
           image: "alpine:latest"
-          debug: true
           fail-build: false
 
   test-directory:
@@ -20,7 +19,6 @@ jobs:
       - uses: ./
         with:
           path: "tests/fixtures/npm-project"
-          debug: true
           severity-cutoff: "negligible"
           fail-build: false
 
@@ -31,5 +29,4 @@ jobs:
       - uses: ./
         with:
           sbom: tests/fixtures/test_sbom.spdx.json
-          debug: true
           fail-build: false
diff --git a/.github/workflows/sarifdemo.yml b/.github/workflows/sarifdemo.yml
@@ -8,13 +8,11 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
       - name: Run the local Scan Action with SARIF generation enabled
         id: scan
         uses: ./
         with:
           image: "debian:8"
-          debug: true
           fail-build: false
           #severity-cutoff: "Medium"
 
@@ -33,13 +31,11 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
       - name: Run the local Scan Action with SARIF generation enabled
         id: scan
         uses: ./
         with:
           path: "tests/fixtures/npm-project"
-          debug: true
           fail-build: false
           #severity-cutoff: "Medium"
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -43,3 +43,29 @@ jobs:
       - run: npm ci
       - run: npm run audit
       - run: npm test
+
+  test-as-action: # run actions to test some scenarios
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          path: ./
+
+      - name: "Donwload Grype v0.54.0"
+        uses: ./download-grype # anchore/scan-action/download-grype
+        with:
+          grype-version: v0.54.0
+
+      - name: "Check Grype version before scan-action"
+        run: grype version | egrep "^Version:.*0.54.0$"
+
+      - name: "Scan test image"
+        uses: ./
+        with:
+          image: "alpine:latest"
+          grype-version: v0.54.0 # set the same version to test that current Grype binary wasn't overwritten by the latest version
+          fail-build: false # to prevent fail due to vuln:s on test image
+
+      - name: "Check Grype version after scan-action"
+        run: grype version | egrep "^Version:.*0.54.0$"
diff --git a/action.yml b/action.yml
@@ -36,7 +36,10 @@ inputs:
   by-cve:
     description: "Specify whether to orient results by CVE rather than GHSA.  Default is false."
     required: false
-    default: "false"
+    default: "false"  
+  grype-version:
+    description: "A specific version of Grype to install"
+    required: false
 outputs:
   sarif:
     description: "Path to a SARIF report file for the image"