
Commit aec6f50

committed
fix fatimage.yml mnt permissions
1 parent 51d1991 commit aec6f50


1 file changed

+9
-7
lines changed


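--- a/.github/workflows/fatimage.yml
+++ b/.github/workflows/fatimage.yml
@@ -85,7 +85,9 @@ jobs:
 - name: Download image
 run: |
 . venv/bin/activate
-sudo openstack image save --file /mnt/${{ steps.manifest.outputs.image-name }}.qcow2 ${{ steps.manifest.outputs.image-name }}
+sudo mkdir /mnt/images
+sudo chmod 777 /mnt/images
+openstack image save --file /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 ${{ steps.manifest.outputs.image-name }}
 
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
@@ -96,32 +98,32 @@ jobs:
 sudo apt -y install libguestfs-tools
 
 - name: mkdir for mount
-run: sudo mkdir -p '/mnt/${{ steps.manifest.outputs.image-name }}'
+run: sudo mkdir -p './${{ steps.manifest.outputs.image-name }}'
 
 - name: mount qcow2 file
-run: sudo guestmount -a ${{ steps.manifest.outputs.image-name }}.qcow2 -i --ro -o allow_other '/mnt/${{ steps.manifest.outputs.image-name }}'
+run: sudo guestmount -a /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 -i --ro -o allow_other './${{ steps.manifest.outputs.image-name }}'
 
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/[email protected]
 with:
 scan-type: fs
-scan-ref: "/mnt/${{ steps.manifest.outputs.image-name }}"
+scan-ref: "${{ steps.manifest.outputs.image-name }}"
 scanners: "vuln"
 format: sarif
-output: "/mnt/${{ steps.manifest.outputs.image-name }}.sarif"
+output: "${{ steps.manifest.outputs.image-name }}.sarif"
 # turn off secret scanning to speed things up
 
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
-sarif_file: "/mnt/${{ steps.manifest.outputs.image-name }}.sarif"
+sarif_file: "${{ steps.manifest.outputs.image-name }}.sarif"
 category: "${{ matrix.os_version }}-${{ matrix.build }}"
 
 - name: Fail if scan has CRITICAL vulnerabilities
 uses: aquasecurity/[email protected]
 with:
 scan-type: fs
-scan-ref: "/mnt/${{ steps.manifest.outputs.image-name }}"
+scan-ref: "${{ steps.manifest.outputs.image-name }}"
 scanners: "vuln"
 format: table
 exit-code: '1'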
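Review bot: `sudo chmod 777 /mnt/images` in the Download image step leaves the directory world-writable, and the qcow2 saved there is later handed to `sudo guestmount` and to the Trivy scan, so any other process on the runner could replace the image between download and scan. Giving the runner user ownership is enough for the now-unprivileged `openstack image save`: `sudo install -d -o "$(id -u)" -g "$(id -g)" -m 0755 /mnt/images` replaces both added lines and, unlike the bare `mkdir`, does not fail when the directory already exists. Separately, the new `run:` lines still expand `${{ steps.manifest.outputs.image-name }}` directly into the shell text, unquoted in the `openstack` and `guestmount -a` arguments. The manifest step is outside this view, so whether that value can carry shell metacharacters cannot be confirmed here; passing it through `env:` and using a quoted `"$IMAGE_NAME"` (name constructed for illustration) would remove the dependency on its contents.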
