ci: guard upload-sarif step when Trivy SARIF missing

2025-11-22 09:17:47 -05:00
parent a0b2d3ffef
commit 166bca30bf
1 changed files with 11 additions and 1 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -135,8 +135,18 @@ jobs:
          severity: 'CRITICAL,HIGH'
        continue-on-error: true

-      - name: Upload Trivy results
+      - name: Check Trivy SARIF exists
        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
+        id: trivy-check
+        run: |
+          if [ -f trivy-results.sarif ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Upload Trivy results
+        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.trivy-check.outputs.exists == 'true'
        uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4
        with:
          sarif_file: 'trivy-results.sarif'