Testing out Docker Scout if statements

getwilds · Oct 19, 2024 · 6e85e29 · 6e85e29
1 parent f23641f
commit 6e85e29
Showing 1 changed file with 17 additions and 15 deletions.
diff --git a/.github/workflows/docker-scout.yaml b/.github/workflows/docker-scout.yaml
@@ -37,21 +37,23 @@ jobs:
           sh install-scout.sh
       - name: Docker Scout
         run: |
-          for image in ./*; do
-            CONTAINER="getwilds/$image:latest"
-            docker scout cves $CONTAINER --only-fixed --format sarif --output cve_check.json
-            NUM_VUL=$(jq '.runs[0].tool.driver.rules | length' cve_check.json)
-            if [[ $NUM_VUL -ge 1 ]]; then
-              docker scout cves $CONTAINER --only-fixed --format markdown --output cve_check.html
-              if [[ $(wc -c cve_check.html) -le 65536 ]]; then
-                gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file cve_check.html
-              else
-                echo "Significant issues present in bwa, see quickview and recommendations below, but run CVE analysis locally." > qv.txt
-                echo "\`\`\`" >> qv.txt
-                docker scout quickview $CONTAINER >> qv.txt
-                docker scout recommendations $CONTAINER >> qv.txt
-                echo "\`\`\`" >> qv.txt
-                gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file qv.txt
+          for image in *; do
+            if [ -d "$image" ] && [ "$image" != ".github" ]; then
+              CONTAINER="getwilds/$image:latest"
+              docker scout cves $CONTAINER --only-fixed --format sarif --output cve_check.json
+              NUM_VUL=$(jq '.runs[0].tool.driver.rules | length' cve_check.json)
+              if [[ $NUM_VUL -ge 1 ]]; then
+                docker scout cves $CONTAINER --only-fixed --format markdown --output cve_check.html
+                if [[ $(wc -c cve_check.html) -le 65536 ]]; then
+                  gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file cve_check.html
+                else
+                  echo "Significant issues present in bwa, see quickview and recommendations below, but run CVE analysis locally." > qv.txt
+                  echo "\`\`\`" >> qv.txt
+                  docker scout quickview $CONTAINER >> qv.txt
+                  docker scout recommendations $CONTAINER >> qv.txt
+                  echo "\`\`\`" >> qv.txt
+                  gh issue create --repo getwilds/wilds-docker-library --title "bwa Vulnerability Analysis" --body-file qv.txt
+                fi
               fi
             fi
           done