Skip to content

Commit

Permalink
update to use runner.temp path
Browse files Browse the repository at this point in the history
  • Loading branch information
@yunchu
yunchu committed Apr 30, 2024
1 parent b678302 commit 43541db
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions .github/workflows/code_scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,20 +26,21 @@ jobs:
- name: Install dependencies
run: |
pip install --require-hashes --no-deps -r requirements/gh-actions.txt
pip-compile --extra=full -o /tmp/${{ github.sha }}/requirements.txt setup.py
mkdir -p ${{ runner.temp }}/${{ github.sha }}
pip-compile --extra=full -o ${{ runner.temp }}/${{ github.sha }}/requirements.txt setup.py
- name: Trivy Scanning (CSV)
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
with:
trivy-config: ".ci/trivy-csv.yaml"
scan-type: "fs"
scan-ref: /tmp/${{ github.sha }}/
scan-ref: ${{ runner.temp }}/${{ github.sha }}/
scanners: vuln,secret
- name: Trivy Scanning (spdx.json)
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
with:
trivy-config: ".ci/trivy-json.yaml"
scan-type: "fs"
scan-ref: /tmp/${{ github.sha }}/
scan-ref: ${{ runner.temp }}/${{ github.sha }}/
- name: Upload Trivy results artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
Expand All @@ -57,8 +58,9 @@ jobs:
- name: Install dependencies
run: |
pip install --require-hashes --no-deps -r requirements/gh-actions.txt
pip-compile --generate-hashes -o /tmp/${{ github.sha }}/requirements.txt requirements/dev.txt
pip install --require-hashes --no-deps -r /tmp/${{ github.sha }}/requirements.txt
mkdir -p ${{ runner.temp }}/${{ github.sha }}
pip-compile --generate-hashes -o ${{ runner.temp }}/${{ github.sha }}/requirements.txt requirements/dev.txt
pip install --require-hashes --no-deps -r ${{ runner.temp }}/${{ github.sha }}/requirements.txt
rm /tmp/otx-dev-requirements.txt
- name: Bandit Scanning
run: tox -e bandit-scan
Expand Down

0 comments on commit 43541db

Please sign in to comment.