Fix more than 50 annotations (#7)

* Fix check run creation when there are more than 50 annotations * Update Scan workflow
sysdiglabs · Dec 23, 2020 · e987fdd · e987fdd
1 parent 7a34679
commit e987fdd
Show file tree

Hide file tree

Showing 8 changed files with 2,032 additions and 1,387 deletions.
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -1,23 +1,21 @@
-name: Scan
+name: Scan Image
 
 on:
   push:
   workflow_dispatch:
-    inputs:
-      image:
-        description: Image to scan
-        required: true
-        default: alpine:3.7
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Scan image
+      - name: Scan dummy-vuln-app
         id: scan
-        uses: sysdiglabs/scan-action@use-inline-scan-v2 
+        uses: sysdiglabs/scan-action@master
         with:
-          image-tag: "alpine:3.7"
-          sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
-          pull-from-registry: true
+          # Tag of the image to analyse
+          image-tag: sysdiglabs/dummy-vuln-app:latest
+          # API token for Sysdig Scanning auth
+          sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
+          input-type: pull
+          ignore-failed-scan: true
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
+
 # Sysdig Secure Inline Scan Action
 
-This action performs analysis on locally built container image and posts the result to Sysdig Secure. For more information about Secure Inline Scan, see https://github.com/sysdiglabs/secure-inline-scan and read [Sysdig Secure documentation](https://docs.sysdig.com/en/image-scanning.html).
+This action performs analysis on locally built container image and posts the result to Sysdig Secure. For more information about Secure Inline Scan, see [Sysdig Secure documentation](https://docs.sysdig.com/en/image-scanning.html).
 
 ## Inputs
 
@@ -138,4 +139,4 @@ and then add another step for uploading the SARIF report, providing the path in
         sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
         input-type: docker-archive
         input-path: artifacts/my-image.tar
-```
+```
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/index.js b/index.js
@@ -384,24 +384,50 @@ async function generateChecks(scanResult, evaluationResults, vulnerabilities) {
     core.warning("No github-token provided. Skipping creation of check run");
   }
 
-  try {
+  let octokit;
+  let annotations;
+  let check_run;
 
-    const octokit = github.getOctokit(githubToken);
+  try {
+    octokit = github.getOctokit(githubToken);
+    annotations = getReportAnnotations(evaluationResults, vulnerabilities)
+  } catch (error) {
+    core.warning("Error creating octokit: " + error);
+    return;
+  }
 
-    await octokit.checks.create({
+  try {
+    check_run = await octokit.checks.create({
       owner: github.context.repo.owner,
       repo: github.context.repo.repo,
       name: "Scan results",
       head_sha: github.context.sha,
       output: {
         title: "Inline scan results",
         summary: "Scan result is " + scanResult,
-        annotations: getReportAnnotations(evaluationResults, vulnerabilities)
+        annotations: annotations.slice(0,50)
       }
     });
   } catch (error) {
     core.warning("Error creating check run: " + error);
   }
+
+  try {
+    for (let i = 50; i < annotations.length; i+=50) {
+      await octokit.checks.update({
+        owner: github.context.repo.owner,
+        repo: github.context.repo.repo,
+        check_run_id: check_run.data.id,
+        output: {
+          title: "Inline scan results",
+          summary: "Scan result is " + scanResult,
+          annotations: annotations.slice(i, i+50)
+        }
+      });
+    }
+  } catch (error) {
+    core.warning("Error updating check run: " + error);
+  }
 }
 
 function getReportAnnotations(evaluationResults, vulnerabilities) {