wait for scan

This commit is contained in:
burnettk 2024-08-15 18:29:12 -04:00
parent 7553ca7330
commit 57d757cc53
2 changed files with 33 additions and 50 deletions


@ -17,9 +17,9 @@ jobs:
- name: Run ECR Scan and Get SARIF Report
uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
with:
repository_name: "my-ecr-repository"
image_tag: "latest"
aws_region: "us-west-2"
repository_name: "infr/testcloud2202"
image_tag: "main"
aws_region: "us-east-2"
output_file: "report.sarif"
- name: Upload SARIF report as artifact
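Review bot: `image_tag: "main"` is a moving tag, so the wait-for-scan step reports on whichever image currently carries that tag in `infr/testcloud2202`, which is not necessarily the image this workflow run just pushed; if the job's build step exposes the tag or digest it pushed, pinning the scan to it, e.g. `image_tag: ${{ steps.<BUILD_STEP_ID>.outputs.<TAG_OUTPUT> }}` (placeholder names), keeps the SARIF tied to the artifact under review. The enclosing job starts outside this hunk, so whether such an output exists can't be confirmed here.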


@ -2,66 +2,49 @@ import json
import boto3
import time
import sys
# def wait_for_image_scan(repository_name, image_tag, region):
# client = boto3.client("ecr", region_name=region)
#
# while True:
# response = client.describe_images(
# repositoryName=repository_name, imageIds=[{"imageTag": image_tag}]
# )
#
# print(f"➡️ ➡️ ➡️ response: {response}")
# status = response["imageDetails"][0]["imageScanStatus"]["status"]
# print(f"Scan status: {status}")
#
# if status == "COMPLETE":
# break
# elif status == "FAILED":
# raise Exception("Scan failed to complete")
# else:
# print("Still scanning, waiting for 30 seconds...")
# time.sleep(30)
from botocore.exceptions import ClientError
def wait_for_image_scan(repository_name, image_tag, region):
client = boto3.client("ecr", region_name=region)
response = None
while True:
max_retries = 10
retries = 0
while retries < max_retries:
# maybe just check if this raises or not
try:
response = client.describe_image_scan_findings(
repositoryName=repository_name, imageId={"imageTag": image_tag}
)
except ClientError as e:
if e.response['Error']['Code'] == 'ScanNotFoundException':
print(f"Scan not found for tag: {image_tag}. Retrying...")
retries += 1
time.sleep(30)
continue
else:
raise
if "imageScanFindings" in response:
print("HIHIHI")
findings = response.get("imageScanFindings", {}).get("findings", [])
findings += response.get("imageScanFindings", {}).get("enhancedFindings", [])
print(f"Found {len(findings)} issues.")
if len(findings) > 0:
print(f"Scan found for repository {repository_name} and tag {image_tag}")
break
# findings = response.get("imageScanFindings", {}).get("findings", [])
# findings += response.get("imageScanFindings", {}).get("enhancedFindings", [])
# print(f"Found {len(findings)} issues.")
#
# if len(findings) > 0:
# break
print("Still scanning, waiting for 30 seconds...")
time.sleep(30)
# scan_status = response.get("imageScanStatus", {}).get("status")
#
# if not scan_status:
# print(f"No image scan status found for tag: {image_tag}")
# sys.exit(1)
#
# print(f"Scan status: {scan_status}")
#
# if scan_status == "COMPLETE":
# print("Image scan complete!")
# break
# elif scan_status == "FAILED":
# print("Image scan failed!")
# sys.exit(1)
# else:
retries += 1
if retries == max_retries:
raise Exception("Max retries reached. Scan not found or incomplete.")
else:
return response
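Review bot: A scan that completes with zero findings never satisfies `if len(findings) > 0:` before the `break`, so a clean image falls through to `print("Still scanning...")`, sleeps, and after ten rounds raises `Max retries reached. Scan not found or incomplete.` — a passing scan is reported as a failure, and a slow scan with partial findings is treated as done. describe_image_scan_findings also returns `imageScanStatus`, which the removed code inspected; gating on its `status` (COMPLETE, or FAILED, otherwise still running) separates "finished and clean" from "not finished yet", and the `print("HIHIHI")` debug line should go with it. The rendering has dropped indentation, so whether the final `else: return response` pairs with the `if retries == max_retries` or with the inner `while` can't be confirmed; with the outer `while True:` wrapper a `while`/`else` skipped by `break` would loop forever, so a single bounded `for` loop as below removes both the ambiguity and the redundant outer loop. Blank lines appear to be dropped in this rendering, so I am reading the hunk as ending at `return response`; if the file continues, the `import sys` kept at the top is only referenced in removed code and may now be unused.

```python
def wait_for_image_scan(repository_name, image_tag, region):
    """Poll ECR until the scan for repository_name:image_tag finishes and return the findings response."""
    client = boto3.client("ecr", region_name=region)
    max_retries = 10
    for _ in range(max_retries):
        try:
            response = client.describe_image_scan_findings(
                repositoryName=repository_name, imageId={"imageTag": image_tag}
            )
        except ClientError as e:
            # The scan is registered asynchronously; a missing scan is expected early on.
            if e.response['Error']['Code'] != 'ScanNotFoundException':
                raise
            print(f"Scan not found for tag: {image_tag}. Retrying...")
        else:
            scan_status = response.get("imageScanStatus", {}).get("status")
            # NOTE(review): enhanced (Inspector) scanning reports ACTIVE rather than COMPLETE — confirm which this repo uses.
            if scan_status in ("COMPLETE", "ACTIVE"):
                scan = response.get("imageScanFindings", {})
                findings = scan.get("findings", []) + scan.get("enhancedFindings", [])
                print(f"Found {len(findings)} issues.")
                print(f"Scan found for repository {repository_name} and tag {image_tag}")
                return response
            if scan_status == "FAILED":
                raise Exception("Scan failed to complete")
            print(f"Scan status: {scan_status}")
        print("Still scanning, waiting for 30 seconds...")
        time.sleep(30)
    raise Exception("Max retries reached. Scan not found or incomplete.")
```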