Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: don't pass in a separate env. This makes it impossible to pass env vars via the action context to syft. #455

Merged
merged 3 commits into from Mar 27, 2024
Merged

fix: don't pass in a separate env. This makes it impossible to pass env vars via the action context to syft. #455

merged 3 commits into from Mar 27, 2024

Conversation

iNoahNothing
Copy link
Contributor

Signed-off-by: Noah Krause krausenoah@gmail.com

@iNoahNothing
fix: don't pass in a separate env. This makes it impossible to pass e…
1c2046c 
…nv vars via the action context to syft.

Signed-off-by: Noah Krause <krausenoah@gmail.com>
kzantow
kzantow requested changes Mar 26, 2024
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution.

What environment variables are you setting? Is there a reason you aren't using a configuration file? This action supports a configuration file, either by adding a .syft.yaml in the root of your repository or by using the config parameter.

Instead of picking up environment variables, if you can't use a configuration file, maybe a better solution would be to overload the config parameter to also accept Yaml configuration? E.g. it could look something like this:

      - uses: anchore/sbom-action@v0
        with:
          path: .
          config: |
            log:
              level: debug
            select-catalogers: javascript

Regardless, you'll need to get the files in dist/ updated. This should happen automatically from a git commit hook, which should get installed when you npm install. You can also just run: npm run package.

src/github/SyftGithubAction.ts Outdated Show resolved Hide resolved
@iNoahNothing
Copy link
Contributor Author

What environment variables are you setting?

@kzantow
I am trying to set TMPDIR to update where stereoscope is downloading the image tarball to. Not having the local env passed into the syft run is making it impossible to change this.

Regardless, you'll need to get the files in dist/ updated. This should happen automatically from a git commit hook, which should get installed when you npm install. You can also just run: npm run package.

Thanks! I couldn't figure out the right way to get those updated from the contributing docs.

@iNoahNothing
fix: pass current environment to the syft run
e8909dc 
Signed-off-by: Noah Krause <krausenoah@gmail.com>
@iNoahNothing
chore: add a small note about updating dist/
5292733 
Signed-off-by: Noah Krause <krausenoah@gmail.com>
@kzantow kzantow merged commit 04a486a into anchore:main Mar 27, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@iNoahNothing @kzantow