New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ::set-output deprecation messages #127
base: main
Are you sure you want to change the base?
Conversation
scan-apk/action.yaml
Outdated
@@ -70,7 +70,7 @@ runs: | |||
tag: localhost:1234/apk-scan | |||
|
|||
- id: grype-scan | |||
uses: anchore/scan-action@ecfd0e98932e57ea8f68f29c4f418fc41a8194db | |||
uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change seems unrelated to the rest of the PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it seems unrelated but without this minor bump v3.2.5
-> v3.3.6
not all ::set-ouput
warnings go away, because used inside actual pinned version of anchore/scan-action
. Maybe a different version can be selected, I have chosen this cause it's the last one released and surely in there ::set-output
warnings are fixed
Let me know if you prefer to remove this change and bumps it in a separated PR or if ok, I have to cite the reason behind this bump briefly in the commit msg
@imjasonh anyone on the chainguard team who is available to review and merge this PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the updates
a small nit
scan-apk/action.yaml
Outdated
@@ -70,7 +70,7 @@ runs: | |||
tag: localhost:1234/apk-scan | |||
|
|||
- id: grype-scan | |||
uses: anchore/scan-action@ecfd0e98932e57ea8f68f29c4f418fc41a8194db | |||
uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add the version tag that this git hash is pointing to? will make easier for the next time
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, added
Signed-off-by: andros21 <andrea.ros21@murena.io>
@cpanato The PR now seems to be ready. |
@@ -135,10 +135,12 @@ runs: | |||
--network host \ | |||
-v $PWD:${{ github.workspace }} \ | |||
-v /tmp:/tmp \ | |||
-v $GITHUB_OUTPUT:$GITHUB_OUTPUT \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looking at it again, is this required?
--workdir ${{ github.workspace }} \ | ||
-e "GITHUB_ACTOR=${{ inputs.repository_owner }}" \ | ||
-e "GITHUB_TOKEN=${{ inputs.token }}" \ | ||
-e "REPOSITORY=${{ inputs.repository }}" \ | ||
-e "GITHUB_OUTPUT=$GITHUB_OUTPUT" \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not strictly required, both are required if digest output (line 180) is done inside the docker run command. An alternative way could be something like this andros21@1597f1f. If ok, I can update it
No description provided.