Update ci.yaml

OHDSI · Sep 22, 2024 · a033b19 · a033b19
1 parent 7a8adbe
commit a033b19
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -54,6 +54,11 @@ jobs:
           # Push the Docker image
           docker push $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 
+          # Add latest tag
+			    docker tag $REGISTRY/$REPOSITORY:$IMAGE_TAG $REGISTRY/$REPOSITORY:latest
+
+			    # push latest Docker Image
+			    docker push $REGISTRY/$REPOSITORY:latest
 
   security:
     runs-on: ubuntu-latest
@@ -93,9 +98,11 @@ jobs:
           AWS_REGION: ${{ secrets.AWS_REGION }}
           IMAGE_TAG: 3.0.1
           ECR_REPOSITORY: mdaca/ohdsi/webapi
+
         run: |
-          trivy image --exit-code 1 --severity HIGH,CRITICAL $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
-        continue-on-error: true
+          trivy image --severity HIGH,CRITICAL $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
+          trivy image --format json $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG > OHDSI-Webapi.json
+          jq -r '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | [.SeveritySource, .VulnerabilityID, .PkgName, .PkgPath, .InstalledVersion, .FixedVersion, .Status, .Severity] | @csv' OHDSI-Webapi.json > OHDSI-Webapi-Trivy.csv
       - name: Install Syft
         run: |
           curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
@@ -110,8 +117,10 @@ jobs:
           syft $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
           syft $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG  > OHDSI-WEBAPI-sbom.tf
 
-      - name: Upload SBOM
-        uses: actions/upload-artifact@v3
+      - name: Upload Reports
+        uses: actions/upload-artifact@v4
         with:
-          name: sbom
-          path: OHDSI-WEBAPI-sbom.tf
+          name: trivy-and-sbom-reports
+          path: |
+            OHDSI-Webapi.csv
+            OHDSI-Webapi-sbom.tf