I’m trying to set up an action (scan a container image with trivy) where it will exit the action prior to pushing the image if the trivy scan has a return code of non-zero.
Here is what I have:
```yaml
- name: Run Trivy Scan
  run: trivy image --scanners vuln --severity CRITICAL my.image --exit-code 1 --ignorefile /etc/trivy/trivyignore.txt
  id: trivy.status
- name: Exit if the scan fails
  if: ${{ steps.trivy.status != 0 }}
  run: exit 1
```
But the if never gets triggered and it just skips past this even though the scan has a return value of 1. I’m sure I just have my syntax wrong, but I can’t find anything that tells me how to use a return code in an if: condition.
Any help would be much appreciated.
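
One way to gate the push on Trivy's exit code, as an added example that is not part of the original post. It assumes trivy is already installed on the runner; the workflow and job names, the `trivy` step id, the `exit_code` output name and the `docker push` command are placeholders.

```yaml
# Added example, not from the original post.
name: scan-then-push          # placeholder workflow name
on: workflow_dispatch

jobs:
  build:                      # placeholder job name
    runs-on: ubuntu-latest
    steps:
      - name: Run Trivy scan
        # Step ids may contain only letters, digits, '-' and '_',
        # and are referenced as steps.<id>.outputs.<name>.
        id: trivy
        run: |
          # The default shell runs with errexit; turn it off so the step
          # survives a non-zero scan result long enough to record it.
          set +e
          trivy image --scanners vuln --severity CRITICAL my.image --exit-code 1 --ignorefile /etc/trivy/trivyignore.txt
          echo "exit_code=$?" >> "$GITHUB_OUTPUT"

      - name: Exit if the scan fails
        # Step outputs are strings, so compare against '0'.
        # An empty or missing output also fails the gate (fail closed).
        if: ${{ steps.trivy.outputs.exit_code != '0' }}
        run: |
          echo "Trivy exited with ${{ steps.trivy.outputs.exit_code }}; not pushing"
          exit 1

      - name: Push image      # reached only when the gate above did not fail
        run: docker push my.image
```

If the numeric code is not needed, dropping `set +e` and the gate step gives the same result: a `run` step that exits non-zero fails the job, and later steps without their own `if:` are skipped.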