From a033b192d4e0f145ec2b5b3d33b150619fc99867 Mon Sep 17 00:00:00 2001
From: stevensrtw <50691414+stevensrtw@users.noreply.github.com>
Date: Sun, 22 Sep 2024 18:11:09 -0400
Subject: [PATCH] Update ci.yaml

---
 .github/workflows/ci.yaml | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5ff3b14c5..1a973fdbb 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -54,6 +54,11 @@ jobs:
 # Push the Docker image
 docker push $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 
+# Add latest tag
+docker tag $REGISTRY/$REPOSITORY:$IMAGE_TAG $REGISTRY/$REPOSITORY:latest
+
+# push latest Docker Image
+docker push $REGISTRY/$REPOSITORY:latest
 
 security:
 runs-on: ubuntu-latest
@@ -93,9 +98,11 @@ jobs:
 AWS_REGION: ${{ secrets.AWS_REGION }}
 IMAGE_TAG: 3.0.1
 ECR_REPOSITORY: mdaca/ohdsi/webapi
+
 run: |
-trivy image --exit-code 1 --severity HIGH,CRITICAL $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
-continue-on-error: true
+trivy image --severity HIGH,CRITICAL $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
+trivy image --format json $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG > OHDSI-Webapi.json
+jq -r '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | [.SeveritySource, .VulnerabilityID, .PkgName, .PkgPath, .InstalledVersion, .FixedVersion, .Status, .Severity] | @csv' OHDSI-Webapi.json > OHDSI-Webapi-Trivy.csv
 - name: Install Syft
 run: |
 curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
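Review bot: The two added lines reference `$REPOSITORY`, while the context line directly above them pushes `$REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG`; unless `REPOSITORY` is defined elsewhere in this job's env (nothing in the hunk shows it), the variable expands to empty and the tag/push target becomes `$REGISTRY/:latest`, so the `latest` tag is never published. Use the same variable as the preceding push: `docker tag $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $REGISTRY/$ECR_REPOSITORY:latest` and `docker push $REGISTRY/$ECR_REPOSITORY:latest`. Note also that publishing a floating `latest` tag means any consumer that pulls by that tag silently follows every build rather than a reviewed, scanned version; if that is intended, a comment such as `# latest is a moving alias for the most recent build; deployments should pin IMAGE_TAG or the image digest` would make the trade-off explicit. The enclosing `run: |` block starts before this hunk.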
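Review bot: With `--exit-code 1` removed from the first `trivy image` line and `continue-on-error: true` gone too, nothing in the new step fails the job when HIGH or CRITICAL findings are present; the severity filter now only affects what is printed, so the scan is advisory, and the workflow's pass/fail no longer reflects the vulnerability gate the old line expressed. If the intent is to keep the gate while still producing the JSON/CSV reports, run the report-producing lines first and finish the block with a gating scan, `trivy image --exit-code 1 --severity HIGH,CRITICAL $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG`, since a non-zero exit on an earlier line would skip the rest of the `run: |` body. If the scan is deliberately advisory now, say so in a comment above the step (e.g. `# scan is report-only; HIGH/CRITICAL findings do not fail the build`). The image is also pulled and scanned twice here; a single `--format json` scan could feed both the CSV and a human-readable summary.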
@@ -110,8 +117,10 @@ jobs:
 syft $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG
 syft $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:$IMAGE_TAG > OHDSI-WEBAPI-sbom.tf
 
-- name: Upload SBOM
-uses: actions/upload-artifact@v3
+- name: Upload Reports
+uses: actions/upload-artifact@v4
 with:
-name: sbom
-path: OHDSI-WEBAPI-sbom.tf
+name: trivy-and-sbom-reports
+path: |
+OHDSI-Webapi.csv
+OHDSI-Webapi-sbom.tf
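Review bot: Neither added `path:` entry matches a file the job writes: the Trivy step in the previous hunk saves its CSV as `OHDSI-Webapi-Trivy.csv`, not `OHDSI-Webapi.csv`, and the syft context line two lines above writes `OHDSI-WEBAPI-sbom.tf`, which differs in case from `OHDSI-Webapi-sbom.tf` on the runner's case-sensitive filesystem. Because `actions/upload-artifact@v4` defaults `if-no-files-found` to `warn`, the step stays green and the `trivy-and-sbom-reports` artifact is uploaded empty, so the SBOM and vulnerability evidence this change is meant to preserve silently disappear. Change the two path lines to `OHDSI-Webapi-Trivy.csv` and `OHDSI-WEBAPI-sbom.tf` (or rename the producers to match) and add `if-no-files-found: error` under `with:` so a future drift fails loudly instead of producing an empty artifact.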