Relocate GitHub Summary Vulnerability Report

.github/workflows/Test-Rock.yaml

@@ -271,6 +271,36 @@ jobs:
           name: ${{ steps.configure-trivy.outputs.report-name }}
           path: ${{ steps.configure-trivy.outputs.report-name}}
 
+
+      # We have to walk through the vulnerabilities since trivy does not support outputting the results as Markdown
+      - name: Create markdown content
+        id: create-markdown
+        if: ${{ !cancelled() }}
+        run: |
+          set -x
+
+          vulnerabilities="$(jq -r -c '[
+            try(.scanner.result.Results[])
+            | .Target as $target
+            | .Vulnerabilities
+            | select(. != null)
+            | .[]
+            | {Target: $target, LastModifiedDate: .LastModifiedDate, VulnerabilityID: .VulnerabilityID,
+              PkgName: .PkgName, Severity: .Severity}
+                  ]' < ${{ steps.configure-trivy.outputs.report-name }})"
+
+          num_vulns=$(echo "$vulnerabilities" | jq -r 'length')
+
+          if [[ $num_vulns -gt 0 ]]; then
+            echo "# Vulnerabilities found for ${{ inputs.oci-archive-name }}" >> $GITHUB_STEP_SUMMARY
+            title="Vulnerabilities found for ${{ inputs.oci-archive-name }}"
+            echo "## $title" >> $GITHUB_STEP_SUMMARY
+            echo "| ID | Target | Severity | Package |" >> $GITHUB_STEP_SUMMARY
+            echo "| -- | ----- | -------- | ------- |" >> $GITHUB_STEP_SUMMARY
+            echo "$vulnerabilities" | jq -r '.[] | "| \(.VulnerabilityID) | /\(.Target) | \(.Severity) | \(.PkgName) |"' >> $GITHUB_STEP_SUMMARY
+          fi
+
+
   test-malware:
     runs-on: ubuntu-22.04
     name: "test-malware ${{ inputs.oci-archive-name != '' && format('| {0}', inputs.oci-archive-name) || ' '}}"

.github/workflows/Vulnerability-Scan.yaml

@@ -213,12 +213,6 @@ jobs:
             echo "issue-body-file=issue.md" >> "$GITHUB_OUTPUT"
           fi
 
-      - name: Write to summary
-        if: ${{ !inputs.create-issue && steps.create-markdown.outputs.vulnerability-exists == 'true' }}
-        run: |
-          echo "# Vulnerabilities found for ${{ inputs.oci-image-name }}" >> $GITHUB_STEP_SUMMARY
-          cat ${{ steps.create-markdown.outputs.issue-body-file }} | tail -n +2 >> $GITHUB_STEP_SUMMARY
-
       - id: issue-exists
         if: ${{ inputs.create-issue}}
         run: |

oci/mock-rock/_releases.json

@@ -35,31 +35,31 @@
     "1.1-22.04": {
         "end-of-life": "2030-05-01T00:00:00Z",
         "candidate": {
-            "target": "1053"
+            "target": "1065"
         },
         "beta": {
-            "target": "1053"
+            "target": "1065"
         },
         "edge": {
-            "target": "1053"
+            "target": "1065"
         }
     },
     "1-22.04": {
         "end-of-life": "2030-05-01T00:00:00Z",
         "candidate": {
-            "target": "1053"
+            "target": "1065"
         },
         "beta": {
-            "target": "1053"
+            "target": "1065"
         },
         "edge": {
-            "target": "1053"
+            "target": "1065"
         }
     },
     "1.2-22.04": {
         "end-of-life": "2030-05-01T00:00:00Z",
         "beta": {
-            "target": "1054"
+            "target": "1066"
         },
         "edge": {
             "target": "1.2-22.04_beta"