fix(gha): and circleci resource names #3914
Conversation
checkov/yaml_doc/runner.py
Outdated
| def resolve_image_name(image_definition: dict[str, Any], start_line: int, end_line: int) -> str: | ||
| for idx, step in enumerate([step for step in image_definition.get('docker') or [] if step]): | ||
| if isinstance(image_definition.get('docker'), dict): | ||
| if step == 'image': | ||
| return f"{idx + 1}[{image_definition['docker'][step]}]" | ||
| if isinstance(step, str): | ||
| return f"{idx + 1}[{step}]" | ||
| elif isinstance(step, dict): | ||
| if step[START_LINE] <= start_line <= end_line <= step[END_LINE]: | ||
| name = step.get('image') | ||
| return f"{idx + 1}[{name}]" if name else str(idx + 1) | ||
| return "" |
There was a problem hiding this comment.
IMO the image index isn't too useful to the resource name
The index is included for steps in GHA since they might not have a name, but we will always have the image name
There was a problem hiding this comment.
I though it will be useful cause maybe someone will declare 2 images with different other parameters... WDYT?
There was a problem hiding this comment.
Since the image resource id is defined as f'jobs.{job_name}.docker.image#{image_name}', as long as the same image appears on different jobs, the resource id will be distinct
Worth checking in circleci pipelines docs if using multiple images inside the same job is a valid use case
There was a problem hiding this comment.
an example from circleCI documentation: https://circleci.com/docs/configuration-reference/#docker
I will leave it numbered :)
Co-authored-by: Anton Grübel <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
…s-func # Conflicts: # tests/circleci_pipelines/image_referencer/test_runner.py # tests/circleci_pipelines/test_runner.py
* lots of changes * small fix to docker resource naming * removed logging * more changes + image resource adduption * fix mypy + flake8 * fixed checks * added tests! * added comment for future debug in case of changes * Update checkov/circleci_pipelines/checks/image_version_not_hash.py Co-authored-by: Anton Grübel <[email protected]> * Update checkov/github_actions/runner.py Co-authored-by: Anton Grübel <[email protected]> * Update checkov/yaml_doc/runner.py Co-authored-by: Anton Grübel <[email protected]> * add docs test to yaml_doc functions * added error logging * add test for `sca_image_report.image_cached_results` * fix tests of merge of master * changed resource naming Co-authored-by: Anton Grübel <[email protected]>
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
yaml_docRunnerjobs,on:jobs,orbswere catching empty lines, for example, the line:---. fixed to return only valid checks in this sense.Checklist: