From 4fab12e4af21da9231bb4d676456bf5c3c0c2701 Mon Sep 17 00:00:00 2001
From: Jochen Schalanda
Date: Fri, 11 Oct 2024 21:37:40 +0200
Subject: [PATCH] Attach Anchore build scan results to workflows
---
 .github/workflows/ci.yaml | 7 +++++++
 .github/workflows/release.yaml | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 08a2ce1..1d5f1ca 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -22,6 +22,13 @@ jobs:
 with:
 image: joschi/tg-archive:${{ github.sha }}
 fail-build: false
+ output-format: table
+ env:
+ GRYPE_FILE: vuln-report.out
+ - name: Attach Anchore build scan summary
+ run: |
+ VULN_REPORT="$(cat vuln-report.out)"
+ printf "# Vulnerability Report Summary\n
$VULN_REPORT
" > $GITHUB_STEP_SUMMARY
 - name: Upload Anchore Scan Report
 uses: github/codeql-action/upload-sarif@v3
 with:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8a21d31..ef6a8ca 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -25,6 +25,13 @@ jobs:
 with:
 image: joschi/tg-archive:${{ github.sha }}
 fail-build: false
+ output-format: table
+ env:
+ GRYPE_FILE: vuln-report.out
+ - name: Attach Anchore build scan summary
+ run: |
+ VULN_REPORT="$(cat vuln-report.out)"
+ printf "# Vulnerability Report Summary\n
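Review bot: Switching the scan step in ci.yaml to `output-format: table` looks likely to starve the `Upload Anchore Scan Report` step that follows it, since `github/codeql-action/upload-sarif@v3` needs a SARIF file and the scan step would now write only the table report. That step's `with:` block continues outside the hunk, so this is inferred from the step name and the action it uses. If it does read the scan step's SARIF output, code scanning stops receiving findings while `fail-build: false` keeps the job green, so the regression would be silent. Keeping `output-format: sarif` on the step that feeds the upload, and producing the table for the summary in a second scan step (or rendering the summary from the SARIF file), preserves both.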
$VULN_REPORT
" > $GITHUB_STEP_SUMMARY
 - name: Set output
 id: vars
 run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
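Review bot: The `printf` added in the `Attach Anchore build scan summary` step expands `$VULN_REPORT` inside its format string, so any `%` or backslash sequence in the scanner output is interpreted by `printf` instead of being printed; the identical line in the ci.yaml hunk has the same problem. The report text is derived from the scanned image's package data, so it should be passed as an argument, with the redirect target quoted: `printf '# Vulnerability Report Summary\n%s\n' "$VULN_REPORT" >> "$GITHUB_STEP_SUMMARY"`. This page's rendering of the line appears to have lost some markup around `$VULN_REPORT`; whatever wrapper the original has belongs in the single-quoted format string. The step also assumes `vuln-report.out` exists, so a `[ -s vuln-report.out ]` guard would keep a failed scan from producing a misleading empty summary.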