Update main.yml

iCloudBot · May 7, 2024 · e6bf38b · e6bf38b
1 parent 61246d7
commit e6bf38b
Showing 1 changed file with 17 additions and 11 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,12 +1,16 @@
-name: CICD-Workshop
+name: CICD-DEMO
 on:
   push:
     branches:
       # 1.The pipeline should be triggered whenever this is a push to a branch name with the following pattern release/v<digit>.<digit>
       - 'main'
 
 jobs:
-  secret-generator:
+  source-code-scan:
+    # 8.The pipeline should not run if the commit message starts with #NORUN even 
+    #   if the branch name has the correct pattern. 
+    #   For example, the following push will not trigger your workflow
+    if: ${{ startsWith(github.event.head_commit.message, '#NORUN') != true }}
     runs-on: ubuntu-latest
     outputs:
       total: ${{ steps.generate-secret.outputs.total }}
@@ -16,6 +20,7 @@ jobs:
     - name: Set timezone
       run: |
         cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+
     # 2.Perform a scan of the branch that triggered the workflow and generate a report in the table format
     - name: Run Trivy vulnerability scanner in repo mode
       uses: aquasecurity/trivy-action@master
@@ -25,31 +30,32 @@ jobs:
         format: 'table'
         output: 'trivy-results.txt'
         severity: 'CRITICAL,HIGH'
+
     - name: generate secret
       id: generate-secret
       shell: bash
       run: |
-        critical_count=$(grep -c '1234' trivy-results.txt || true)
-        high_count=$(grep -c '12345' trivy-results.txt || true)
+        critical_count=$(grep -c 'CRITICAL' trivy-results.txt || true)
+        high_count=$(grep -c 'HIGH' trivy-results.txt || true)
         total_count=$(($critical_count + $high_count))
         echo "total=$total_count" >> "$GITHUB_OUTPUT"
         echo $total_count
         
-  secret-consumer:
-    runs-on: macos-latest
-    needs: secret-generator
-    if: ${{ needs.secret-generator.outputs.total > 1 }}
+  send-message-to-slack:
+    needs: source-code-scan
+    if: ${{ needs.source-code-scan.outputs.total > 1 }}
+    runs-on: ubuntu-latest
     steps:
     - name: use secret
       shell: bash
       run: |
-        # SECRET_HANDLE="${{ needs.secret-generator.outputs.handle }}"
+        # SECRET_HANDLE="${{ needs.source-code-scan.outputs.handle }}"
         echo "We retrieved our masked secret: SECRET_HANDLE"
 
 
   build-and-push-docker:
-    needs: secret-generator
-    if: success()
+    needs: source-code-scan
+    if: ${{ needs.source-code-scan.outputs.total < 1 }}
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code