Merge pull request #108 from voxpupuli/update_ci

fix: only output compare from docker scout and silently scan for cves
voxpupuli · Aug 23, 2024 · 1080242 · 1080242
2 parents ebeee9f + 6c4433d
commit 1080242
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -57,15 +57,24 @@ jobs:
           username: voxpupulibot
           password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
 
-      - name: Analyze Container Image
-        id: analyze-image
+      - name: Analyze container image for CVEs
+        id: analyze-image-cves
         uses: docker/scout-action@v1
         with:
-          command: cves,compare
-          to: 'ghcr.io/voxpupuli/puppetserver:${{ matrix.version }}-latest'
+          command: cves
           image: 'local://ci/puppetserver:${{ matrix.version }}'
           sarif-file: sarif.output.${{ matrix.version }}.${{ github.sha }}.json
+          write-comment: false
+
+      - name: Compare container image to latest from Registry
+        id: compare-image
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          image: 'local://ci/puppetserver:${{ matrix.version }}'
+          to: 'ghcr.io/voxpupuli/puppetserver:${{ matrix.version }}-latest'
           summary: true
+          keep-previous-comments: true
 
       - name: Upload SARIF result
         id: upload-sarif