Using a return code in an if: condition

I’m trying to set up an action (scan a container image with trivy) where it will exit the action prior to pushing the image if the trivy scan has a return code of non-zero.

Here is what I have:

- name: Run Trivy Scan
  run: trivy image --scanners vuln --severity CRITICAL my.image --exit-code 1 --ignorefile /etc/trivy/trivyignore.txt
  id: trivy.status

- name: Exit if the scan fails
  if: ${{ steps.trivy.status != 0 }}
  run: exit 1

But the if never gets triggered and it just skips past this even though the scan has a return value of 1. I’m sure I just have my syntax wrong, but I can’t find anything that tells me how to use a return code in an if: condition.

Any help would be much appreciated.

Good artists copy, great artists … are inspired:

Why don’t you use their action?

And yes, if you want to do it very simply, see the permalink to their bash script
(returnCode=$? etc.) and run both actions in a simple run block:

run: |
   trivy image --scanners vuln ...
   line 2
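As an added example (not code from either post or from the trivy project), here is a workflow that gates the push on the scan result both ways: a separate conditional step that reads the step's outcome, and the single run block with the returnCode=$? pattern the reply points to. The image name and ignore file come from the question; the workflow, job and step names are made up, and the push command is assumed to be docker push.

```yaml
# Added example: gating an image push on the Trivy exit code.
# Assumes the image name and ignore file from the question; job and step
# names are made up for illustration.
name: build-scan-push
on: [push]

jobs:
  scan-then-push:
    runs-on: ubuntu-latest
    steps:
      - name: Run Trivy Scan
        id: trivy                  # step ids may not contain a dot
        continue-on-error: true    # keep the job alive so the next step can inspect the result
        run: |
          trivy image --scanners vuln --severity CRITICAL --exit-code 1 \
            --ignorefile /etc/trivy/trivyignore.txt my.image

      - name: Exit if the scan fails
        # a step exposes outcome/conclusion, not a raw exit code
        if: ${{ steps.trivy.outcome == 'failure' }}
        run: |
          echo "::error::Trivy found CRITICAL vulnerabilities; not pushing"
          exit 1

      - name: Push image
        run: docker push my.image

  scan-and-push-one-step:
    runs-on: ubuntu-latest
    steps:
      - name: Scan and push in a single run block
        run: |
          # The default run shell is bash with -e, so a failing trivy would
          # abort before $? can be read; capture it via || instead.
          returnCode=0
          trivy image --scanners vuln --severity CRITICAL --exit-code 1 \
            --ignorefile /etc/trivy/trivyignore.txt my.image || returnCode=$?
          if [ "$returnCode" -ne 0 ]; then
            echo "::error::Trivy scan failed with exit code $returnCode; not pushing"
            exit "$returnCode"
          fi
          docker push my.image
```

Note that without continue-on-error a non-zero exit from the scan step already fails the job and skips the push step, so the explicit gate is mainly useful when you want a custom message or to act on the result.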