chore(woodpecker): simplify audit file handling
- Removed redundant `/tmp/` paths for audit result and output files. - Ensured consistent file access in vulnerability checks and Discord notifications. - Added workspace file listing for better debugging in case of missing audit results.
@ -3,8 +3,8 @@ steps:
|
|||||||
image: node:20
|
image: node:20
|
||||||
commands:
|
commands:
|
||||||
- npm install --package-lock-only
|
- npm install --package-lock-only
|
||||||
- npm audit --audit-level=moderate --json > /tmp/audit-result.json 2>&1 || echo "Audit completed"
|
- npm audit --audit-level=moderate --json > audit-result.json 2>&1 || echo "Audit completed"
|
||||||
- npm audit --audit-level=moderate > /tmp/audit-output.txt 2>&1 || echo "Audit completed"
|
- npm audit --audit-level=moderate > audit-output.txt 2>&1 || echo "Audit completed"
|
||||||
when:
|
when:
|
||||||
- branch: main
|
- branch: main
|
||||||
event: push
|
event: push
|
||||||
@ -17,12 +17,12 @@ steps:
|
|||||||
commands:
|
commands:
|
||||||
- apk add --no-cache curl jq
|
- apk add --no-cache curl jq
|
||||||
- |
|
- |
|
||||||
if [ -f /tmp/audit-result.json ]; then
|
if [ -f audit-result.json ]; then
|
||||||
TOTAL=$(jq -r '.metadata.vulnerabilities.total // 0' /tmp/audit-result.json 2>/dev/null || echo "0")
|
TOTAL=$(jq -r '.metadata.vulnerabilities.total // 0' audit-result.json 2>/dev/null || echo "0")
|
||||||
CRITICAL=$(jq -r '.metadata.vulnerabilities.critical // 0' /tmp/audit-result.json 2>/dev/null || echo "0")
|
CRITICAL=$(jq -r '.metadata.vulnerabilities.critical // 0' audit-result.json 2>/dev/null || echo "0")
|
||||||
HIGH=$(jq -r '.metadata.vulnerabilities.high // 0' /tmp/audit-result.json 2>/dev/null || echo "0")
|
HIGH=$(jq -r '.metadata.vulnerabilities.high // 0' audit-result.json 2>/dev/null || echo "0")
|
||||||
MODERATE=$(jq -r '.metadata.vulnerabilities.moderate // 0' /tmp/audit-result.json 2>/dev/null || echo "0")
|
MODERATE=$(jq -r '.metadata.vulnerabilities.moderate // 0' audit-result.json 2>/dev/null || echo "0")
|
||||||
LOW=$(jq -r '.metadata.vulnerabilities.low // 0' /tmp/audit-result.json 2>/dev/null || echo "0")
|
LOW=$(jq -r '.metadata.vulnerabilities.low // 0' audit-result.json 2>/dev/null || echo "0")
|
||||||
|
|
||||||
if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ] || [ "$MODERATE" -gt 0 ]; then
|
if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ] || [ "$MODERATE" -gt 0 ]; then
|
||||||
COLOR=16744448
|
COLOR=16744448
|
||||||
@ -32,8 +32,8 @@ steps:
|
|||||||
STATUS="✅ No Vulnerabilities"
|
STATUS="✅ No Vulnerabilities"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f /tmp/audit-output.txt ]; then
|
if [ -f audit-output.txt ]; then
|
||||||
VULNS=$(head -50 /tmp/audit-output.txt | tail -40 || echo "No details")
|
VULNS=$(head -50 audit-output.txt | tail -40 || echo "No details")
|
||||||
else
|
else
|
||||||
VULNS="No audit output available"
|
VULNS="No audit output available"
|
||||||
fi
|
fi
|
||||||
@ -73,7 +73,8 @@ steps:
|
|||||||
curl -H "Content-Type: application/json" -X POST \
|
curl -H "Content-Type: application/json" -X POST \
|
||||||
-d "$PAYLOAD" "$DISCORD_WEBHOOK"
|
-d "$PAYLOAD" "$DISCORD_WEBHOOK"
|
||||||
else
|
else
|
||||||
echo "No audit results found"
|
echo "No audit results found - listing workspace files:"
|
||||||
|
ls -la
|
||||||
fi
|
fi
|
||||||
when:
|
when:
|
||||||
- branch: main
|
- branch: main
|
||||||
|
|||||||
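Review bot: The audit step still fails open: the new `npm audit --audit-level=moderate --json > audit-result.json 2>&1 || echo "Audit completed"` line merges stderr into the JSON file and swallows every non-zero exit, so a registry or lockfile error leaves a file that `jq` cannot parse or that has no `.metadata.vulnerabilities`, and the `// 0` and `2>/dev/null || echo "0"` fallbacks in the notify step turn that into zero counts. From the visible hunks, zero counts appear to lead to the `✅ No Vulnerabilities` status, so a failed audit would be reported to Discord as clean. I would keep stderr out of the JSON, e.g. `npm audit --audit-level=moderate --json > audit-result.json 2> audit-stderr.txt || true` (file name constructed here), and have the notify step run `jq -e '.metadata.vulnerabilities' audit-result.json >/dev/null` before reading counts, posting an explicit "audit failed" status when that check fails. The branch that sets STATUS lies partly outside the hunks shown, so this should be confirmed against the full file.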