Fixing output for non summary jobs

lacework · Sep 18, 2023 · 428ac47 · 428ac47
1 parent 2e9e3ce
commit 428ac47
Showing 1 changed file with 20 additions and 13 deletions.
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-
+# Set Lacework credentials as inline scanner environment variable
 export LW_ACCOUNT_NAME=${INPUT_LW_ACCOUNT_NAME}
 export LW_ACCESS_TOKEN=${INPUT_LW_ACCESS_TOKEN}
 
@@ -29,7 +29,7 @@ fi
 if [ ${INPUT_SIMPLE_OUTPUT} = "true" ]; then
     export SCANNER_PARAMETERS="${SCANNER_PARAMETERS} --simple"
 fi
-if [ ${INPUT_COLOR_OUTPUT} = "false" ] || [ "${INPUT_RESULTS_IN_GITHUB_SUMMARY}" = "true" ]; then
+if [ ${INPUT_COLOR_OUTPUT} = "false" ]; then
     export SCANNER_PARAMETERS="${SCANNER_PARAMETERS} --no-color"
 fi
 if [ ! -z "${INPUT_ADDITIONAL_PARAMETERS}" ]; then
@@ -39,21 +39,28 @@ fi
 # Remove old scanner evaluation, if cached somehow
 rm ${GITHUB_WORKSPACE}/evaluations/${INPUT_IMAGE_NAME}/${INPUT_IMAGE_TAG}/evaluation_*.json &>/dev/null || true
 
-# Run scanner
-/opt/lacework/lw-scanner image evaluate ${INPUT_IMAGE_NAME} ${INPUT_IMAGE_TAG} \
-  --build-plan ${GITHUB_REPOSITORY} \
-  --build-id ${GITHUB_RUN_ID} \
-  --data-directory ${GITHUB_WORKSPACE} \
-  --policy \
-  --fail-on-violation-exit-code 1 ${SCANNER_PARAMETERS} 1> results.stdout
-
-export SCANNER_EXIT_CODE=$?
-
 if [ "${INPUT_RESULTS_IN_GITHUB_SUMMARY}" = "true" ]; then
+    # Run scanner and store resulst as github job summary and no output to console
+    /opt/lacework/lw-scanner image evaluate ${INPUT_IMAGE_NAME} ${INPUT_IMAGE_TAG} \
+    --build-plan ${GITHUB_REPOSITORY} \
+    --build-id ${GITHUB_RUN_ID} \
+    --data-directory ${GITHUB_WORKSPACE} \
+    --policy \
+    --fail-on-violation-exit-code 1 ${SCANNER_PARAMETERS}
+    export SCANNER_EXIT_CODE=$?
     echo "### Security Scan" >> $GITHUB_STEP_SUMMARY
     echo "<pre>" >> $GITHUB_STEP_SUMMARY
     cat results.stdout >> $GITHUB_STEP_SUMMARY
     echo "</pre>" >> $GITHUB_STEP_SUMMARY
+    exit ${SCANNER_EXIT_CODE}
+elif
+    # Run scanner in default mode with output to console
+    /opt/lacework/lw-scanner image evaluate ${INPUT_IMAGE_NAME} ${INPUT_IMAGE_TAG} \
+    --build-plan ${GITHUB_REPOSITORY} \
+    --build-id ${GITHUB_RUN_ID} \
+    --data-directory ${GITHUB_WORKSPACE} \
+    --policy \
+    --fail-on-violation-exit-code 1 ${SCANNER_PARAMETERS}
 fi
 
-exit ${SCANNER_EXIT_CODE}
+