make matrix job and pass over list

soenkeliebau · soenkeliebau · commit 017a0a121df3 · 2024-02-28T10:55:26.000+01:00
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -2,7 +2,7 @@ name: Scan all images
 on: workflow_dispatch
 
 jobs:
-  scan:
+  image_list:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -17,5 +17,23 @@ jobs:
         run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
       - name: Install deps
         run: poetry install
-      - name: Run scanner
+      - name: scan
         run: poetry run python stack_scanner/main.py
+    outputs:
+      matrix: ${{ steps.scan.outputs.matrix }}
+
+  scan:
+    needs: image_list
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        package: ${{ fromJson(needs.image_list.outputs.matrix) }}
+    steps:
+      - name: Debug
+        run: echo ${matrix.package}
+#      - name: Scan image
+#        uses: anchore/scan-action@v3
+#        with:
+#          image: "localbuild/testimage:latest"
+#      - name: Upload report
diff --git a/stack_scanner/main.py b/stack_scanner/main.py
@@ -1,3 +1,4 @@
+import json
 from urllib.request import urlretrieve
 from image_tools.args import load_configuration
 import tempfile
@@ -40,6 +41,7 @@ def main():
             # Load product versions from that file using the image-tools functionality
             product_versions = load_configuration(filename)
 
+            result = []
             # Generate image names
             product_names: list[str] = [product["name"] for product in product_versions.products]
             for product in product_versions.products:
@@ -53,7 +55,11 @@ def main():
                     image_name = f"{REGISTRY_URL}/stackable/{product_name}:{product_version}-stackable{release}"
                     #print(f"Scanning {REGISTRY_URL}/stackable/{product_name}:{product_version}-stackable{release}")
                     print(f"grype -o cyclonedx --file {release}-{product_name}-{product_version}.cdx {image_name}")
-                    subprocess.run(["grype", "-o",  "json", "--file", f"release-{product_name}-{product_version}.cdx", f"{image_name}"])
+                    #subprocess.run(["grype", "-o",  "json", "--file", f"release-{product_name}-{product_version}.cdx", f"{image_name}"])
+                    result.append(image_name)
+
+    # All done
+    print(f'::set-output name=matrix::{json.dumps(result)}')
 
 
 
