feat: add output-file option, default to random directory output in temp #346

Open
wants to merge 2 commits into
base: main

Contributor

@kzantow kzantow commented Jul 25, 2024

This PR makes a couple changes to the scan-action, one of which may be breaking for users:

  • modifies the grype invocation to output to a random file in $TEMP, instead of outputting directly in the workspace
  • adds an output-file parameter to allow users to specify an output file explicitly

Fixes #216
Fixes #238

@kzantow kzantow added the major Used by release-drafter to determine version label Jul 25, 2024
@kzantow kzantow requested a review from a team July 25, 2024 21:18
dist/index.js Outdated
"output",
);
}
cmdArgs.push("--file", outputFile);
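
Review bot: at cmdArgs.push("--file", outputFile), outputFile is handed to grype as-is, and the visible lines show no check on where it points when a caller supplies it explicitly. Passing it as its own argv element is the right call; consider also resolving it to an absolute path, making sure its parent directory exists, and documenting what happens when a file already exists at that path. Since this is dist/index.js, confirm the same change is present in the unbundled source so the two do not drift.
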
Contributor

How does this interact with output? I had the impression we were moving towards output and away from file.

Contributor Author

We support --output <format> --file <output-file> in both Syft and Grype. This action doesn't allow multiple outputs, so it should work fine. I don't think there is a concrete plan to remove the --file option, since it's a part of Syft 1.0 already. If you feel strongly this should be using the --output flag, I can update it.

Contributor Author

I take this back, allowing for multiple outputs would be nice, so a user could get both a table printed to the logs and a SARIF report uploaded. I'll update this a bit.

Contributor

@kzantow did you have additional updates to make here? I think you were going to update to use --output or something?

willmurphyscode previously approved these changes Oct 5, 2024
@willmurphyscode
Contributor

discussed with @kzantow offline - there are still a few things that might be changed before the merge relating to multiple outputs. I'm moving this back to "in progress" and will re-review later.

Labels
major Used by release-drafter to determine version
Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

  • Unable to store output in "table" format
  • Add output-file as an input param
2 participants