ci: group output

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-03-07 14:48:50 +01:00 · 2023-03-07 14:48:50 +01:00 · e4b5655646
commit e4b5655646
parent f4a4a044fe
2 changed files with 5 additions and 1 deletions
--- a/.github/actions/container_sbom/action.yml
+++ b/.github/actions/container_sbom/action.yml
@ -32,6 +32,7 @@ runs:
        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
      run: |
+        echo "::group::Generate SBOM"
        set -ex
        syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
        cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
@ -40,3 +41,4 @@ runs:
        # https://github.com/sigstore/cosign/issues/2264
        cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
        grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
+        echo "::endgroup::"
--- a/.github/actions/install_syft_grype/action.yml
+++ b/.github/actions/install_syft_grype/action.yml
@ -31,8 +31,10 @@ runs:
        curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
        tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
        sudo install syft /usr/bin/syft
-        syft version
        curl -fsSLo grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
        tar -xzf grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
        sudo install grype /usr/bin/grype
+
+        echo "::endgroup::"
+        syft version
        grype version