Skip to content

fix: output stderr for nonzero exit code #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 22, 2025
Merged

fix: output stderr for nonzero exit code #491

merged 4 commits into from
Jul 22, 2025

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented Jul 21, 2025
edited
Loading

This PR makes a few changes:

  • logs stderr to the actions log, so users are able to see errors
  • fails the build if grype returns nonzero unless the error returned is from --fail-on and fail-build: false
  • updates the failure message to be more accurate and fix a number of tests that were silently failing
  • removes the need to build test images, just using existing anchore/test_images instead

Fixes: #490

You can see some runs of this branch in different scenarios: vulns, other failures, success, etc. here: https://github.com/kzantow-anchore/scan-action-test/actions such as when a user references a vex document that doesn't exist

kzantow added 4 commits July 21, 2025 17:23
@kzantow
fix: output stderr for nonzero exit code
f0a69ae 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: merge main
58ea416 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: update tests
eaec285 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: update tests
658a7dc 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow
kzantow commented Jul 22, 2025
View reviewed changes
dist/index.js
},
stderr(buffer) {
stderr += buffer.toString();
core.info(buffer.toString());
Copy link
Contributor Author

@kzantow kzantow Jul 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same thing sbom-action is doing and it is the only reliable way I was able to get the full stderr log. The behavior before, appending to a string that gets returned seemed to occur before some buffer got flushed and didn't have the full log, so the error at the end is lost ☹️

@kzantow kzantow merged commit b8370fa into anchore:main Jul 22, 2025
31 checks passed
@kzantow kzantow deleted the log-errors branch July 22, 2025 13:53
@kzantow kzantow linked an issue Jul 22, 2025 that may be closed by this pull request
Action continues on non-vulnerability failures #390
Closed
@kzantow kzantow mentioned this pull request Jul 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Errors not being printed to log, even in actions debug mode Action continues on non-vulnerability failures
2 participants
@kzantow @wagoodman