refactor to a single task

Signed-off-by: naveensrinivasan <[email protected]>
defenseunicorns · Apr 3, 2024 · a66e357 · a66e357
1 parent 988bbc9
commit a66e357
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 27 deletions.
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -31,9 +31,11 @@ jobs:
 
 
       - name: Scan the repository for vulnerabilities - Upstream
+        env:
+          FLAVOR: upstream
         run: |
           uds run grype:install
-          uds run scan:upstream
+          uds run scan:scan
 
       - name: Upload SARIF files - Upstream
         uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2
@@ -73,6 +75,7 @@ jobs:
         env:
           GRYPE_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           GRYPE_PASSWORD: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+          FLAVOR: registry1
 
       - name: Upload SARIF files - Registry1
         uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2

diff --git a/tasks/scan.yaml b/tasks/scan.yaml
@@ -1,11 +1,11 @@
 ---
 tasks:
-  - name: upstream
-    description: Create a UDS package with upstream flavor, extract the SBOM, and analyze for vulnerabilities
+  - name: scan
+    description: Create a UDS package with specified flavor, extract the SBOM, and analyze for vulnerabilities
     actions:
       - cmd: |
           bash -c '
-            flavor="upstream"
+            flavor="${FLAVOR}"
             output_dir="sbom/$flavor"
             mkdir -p "$output_dir"
             uds zarf package create . --flavor="$flavor" --confirm --no-progress -o "$output_dir"
@@ -27,26 +27,3 @@ tasks:
               echo "Updated SARIF file path to $sbom_base_name using yq for $sarif_file_name"
             done
           '
-
-  - name: registry1
-    description: Create a UDS package with registry1 flavor, extract the SBOM, and analyze for vulnerabilities
-    actions:
-      - cmd: |
-          bash -c '
-            flavor="registry1"
-            output_dir="sbom/$flavor"
-            mkdir -p "$output_dir"
-            uds zarf package create . --flavor="$flavor" --confirm --no-progress -o "$output_dir"
-            for file in "$output_dir"/*.zst; do
-              uds zarf package inspect "$file" --sbom-out "$output_dir" --no-progress
-            done
-            sarif_output_dir="./sarif"
-            mkdir -p "$sarif_output_dir"
-            find "sbom/$flavor" -type f -name "*.json" | while read -r json_file; do
-              sarif_file_name="${flavor}_$(basename "${json_file}").sarif"
-              echo "Processing $json_file"
-              echo "Outputting to $sarif_output_dir/$sarif_file_name"
-              grype sbom:"$json_file" -o sarif --file "$sarif_output_dir/$sarif_file_name"
-              echo "Grype analysis for $json_file exported to $sarif_output_dir/$sarif_file_name (errors ignored)"
-            done
-          '