Add sub-action to download Grype #152
Conversation
Signed-off-by: Keith Zantow <kzantow@gmail.com>
0cc492b to
14c7231
Compare
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
| @@ -1,80 +1,113 @@ | |||
| const error = require('../dist'); | |||
There was a problem hiding this comment.
The only changes in this file were moving some utility functions that were only used in this test from the action itself to this test.
| run().catch((err) => { | ||
| throw new Error(err); | ||
| }); | ||
| const entrypoint = core.getInput("run"); |
There was a problem hiding this comment.
I decided to use a parameter to switch functionality here instead of compiling multiple different files; there are some limitations to the ncc tool used to build the actual dist/index.js and limitations in github actions that mean you either need to do this or compile multiple distinct scripts, all of which have duplicated code. I did the latter approach in sbom-action but I'm probably going to swap to this method to simplify things and speed up the commit/build cycle.
| run: "download-grype", | ||
| }); | ||
| expect(outputs.cmd).toBeDefined(); |
There was a problem hiding this comment.
Is this comparing to blank? output === undefined? Because a successful execution doesn't output anything?
There was a problem hiding this comment.
This is comparing to undefined, which means this output is any sort of string.
This PR adds a sub-action to download grype, along with some misc. code clean up that was discovered while working on this:
An example run is: https://github.com/kzantow-anchore/scan-action-test/runs/5739124385?check_suite_focus=true#step:5:12
With an execution of the Grype binary: https://github.com/kzantow-anchore/scan-action-test/runs/5739124385?check_suite_focus=true#step:7:1