trivy-action icon indicating copy to clipboard operation
trivy-action copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

continue-on-error not working as expected after changing from "docker" to "composite" action

Open BertelBB opened this issue 4 months ago • 0 comments

From v0.25.0 to v0.26.0 the action that runs Trivy was changed from using: 'docker' to using: 'composite' and that broke our workflows in cases when steps.continue-on-error statement is executed with an input in the expression.

- name: Run Trivy
  continue-on-error: ${{ inputs.continue-on-error }} # <-- Workflow fails is this line is executed because "inputs" is null
  uses: aquasecurity/[email protected]

See change here: https://github.com/aquasecurity/trivy-action/compare/0.25.0..0.26.0#diff-fab4d7fb461bc6fbe9587f6c03fff98102b1c744145edcf2a993f2ff7cb05a0dL102

See issue explaining how inputs are not available in steps.continue-on-error when running as composite action: https://github.com/actions/runner/issues/2418

Workaround

for those interested, there is a workaround using env context and fromJSON function

- name: Run Trivy
  env:
    CONTINUE_ON_ERROR: ${{ inputs.continue-on-error }}
  continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }}
  uses: aquasecurity/[email protected]

BertelBB avatar Oct 16 '24 15:10 BertelBB