Skip to content

Commit ef2a5c2

Browse files
saisatishkarrasaisatishkarra
authored
Merge pull request #9 from amini8/main
updated code with readonly
2 parents b793c84 + 92ce843 commit ef2a5c2

File tree

1 file changed

+19
-18
lines changed

1 file changed

+19
-18
lines changed

security-actions/scan-docker-image/scripts/scan-metadata.sh

Lines changed: 19 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,43 +1,44 @@
1-
#/usr/bin/env bash
1+
#!/usr/bin/env bash
22

33
set -euo pipefail
44

5-
spdx_ext="sbom.spdx.json"
6-
cyclonedx_ext="sbom.cyclonedx.json"
7-
cve_json_ext="cve-report.json"
8-
cve_sarif_ext="cve-report.sarif"
9-
cis_json_ext="cis-report.json"
5+
readonly spdx_ext="sbom.spdx.json"
6+
readonly cyclonedx_ext="sbom.cyclonedx.json"
7+
readonly cve_json_ext="cve-report.json"
8+
readonly cve_sarif_ext="cve-report.sarif"
9+
readonly cis_json_ext="cis-report.json"
1010

1111
global_severity_cutoff='critical'
1212
global_enforce_build_failure='false'
1313

14-
15-
if ([[ ${IMAGE} != '' ]] && [[ ${DIR} != '' ]]) || ([[ ${IMAGE} != '' ]] && [[ ${FILE} != '' ]]) || ([[ ${DIR} != '' ]] && [[ ${FILE} != '' ]]); then
14+
if [[ -n ${IMAGE} && -n ${DIR} ]] || [[ -n ${IMAGE} && -n ${FILE} ]] || [[ -n ${DIR} && -n ${FILE} ]]; then
1615
echo '::error ::Input fields "image", "dir" and "file" are mutually exlcusive'
1716
exit 1
1817
fi
1918

20-
if [[ ${IMAGE} == '' ]] && [[ ${DIR} == '' ]] && [[ ${FILE} == '' ]]; then
19+
if [[ -z ${IMAGE} && -z ${DIR} && -z ${FILE} ]]; then
2120
echo '::error ::Specify one of "image", "dir" and "file" inputs fields'
2221
exit 1
2322
fi
2423

2524
# OCI archive should be passed as image instead of file
26-
if [[ ${IMAGE} != '' ]] && [[ ${TAG} != '' ]]; then
27-
echo "scan_image=${IMAGE}:${TAG}" >> $GITHUB_OUTPUT
28-
elif [[ ${IMAGE} != '' ]]; then
29-
echo "scan_image=${IMAGE}" >> $GITHUB_OUTPUT
25+
if [[ -n ${IMAGE} ]]; then
26+
if [[ -n ${TAG} ]]; then
27+
echo "scan_image=${IMAGE}:${TAG}" >> $GITHUB_OUTPUT
28+
else
29+
echo "scan_image=${IMAGE}" >> $GITHUB_OUTPUT
30+
fi
3031
fi
3132

32-
if [[ ${DIR} != '' ]]; then
33+
if [[ -n ${DIR} ]]; then
3334
echo "scan_dir=${DIR}" >> $GITHUB_OUTPUT
3435
fi
3536

36-
if [[ ${FILE} != '' ]]; then
37+
if [[ -n ${FILE} ]]; then
3738
echo "scan_file=${FILE}" >> $GITHUB_OUTPUT
3839
fi
3940

40-
if [[ ${ASSET_PREFIX} != '' ]]; then
41+
if [[ -n ${ASSET_PREFIX} ]]; then
4142
echo "sbom_spdx_file=${ASSET_PREFIX##*/}-${spdx_ext}" >> $GITHUB_OUTPUT
4243
echo "sbom_cyclonedx_file=${ASSET_PREFIX##*/}-${cyclonedx_ext}" >> $GITHUB_OUTPUT
4344
echo "grype_json_file=${ASSET_PREFIX##*/}-${cve_json_ext}" >> $GITHUB_OUTPUT
@@ -51,14 +52,14 @@ else
5152
echo "cis_json_file=${cis_json_ext}" >> $GITHUB_OUTPUT
5253
fi
5354

54-
if [[ ${global_severity_cutoff} != '' ]]; then
55+
if [[ -n ${global_severity_cutoff} ]]; then
5556
echo "global_severity_cutoff=${global_severity_cutoff}" >> $GITHUB_OUTPUT
5657
else
5758
echo '::error ::set global_severity_cutoff in $0'
5859
exit 1
5960
fi
6061

61-
if [[ ${global_enforce_build_failure} != '' ]]; then
62+
if [[ -n ${global_enforce_build_failure} ]]; then
6263
echo "global_enforce_build_failure=${global_enforce_build_failure}" >> $GITHUB_OUTPUT
6364
else
6465
echo '::error ::set global_enforce_build_failure in $0'

0 commit comments

Comments
 (0)