add option to fail if vulnerability was found

wochinge · wochinge · commit ad34351a3f5c · 2020-04-28T11:00:12.000+02:00
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
 |issue_title|False|Security Alert|Issue title|
 |issue_label|False|trivy,vulnerability|Issue label (separated by commma)|
 |issue_assignee|False|N/A|Issue assignee (separated by commma)|
+|fail_on_vulnerabilities|False|false|Whether the action should fail if any vulnerabilities were found.|
 
 ### Outputs
 
diff --git a/action.yml b/action.yml
@@ -39,6 +39,10 @@ inputs:
   issue_assignee:
     description: 'Issue assignee (separated by commma)'
     required: false
+  fail_on_vulnerabilities:
+    description: Whether the action should fail if a vulnerability was found
+    default: 'false'
+    required: false
 
 outputs:
   issue_number:
diff --git a/dist/index.js b/dist/index.js
@@ -6593,6 +6593,9 @@ function run() {
             const output = yield issue_1.createOrUpdateIssue(token, image, issueOption);
             core.setOutput('html_url', output.htmlUrl);
             core.setOutput('issue_number', output.issueNumber.toString());
+            if (core.getInput("fail_on_vulnerabilities") === 'true') {
+                core.setFailed(`Vulnerabilities found.\n${issueContent}`);
+            }
         }
         catch (error) {
             core.error(error.stack);
diff --git a/src/index.ts b/src/index.ts
@@ -72,6 +72,10 @@ async function run() {
     const output: IssueResponse = await createOrUpdateIssue(token, image, issueOption);
     core.setOutput('html_url', output.htmlUrl);
     core.setOutput('issue_number', output.issueNumber.toString());
+
+    if (core.getInput("fail_on_vulnerabilities") === 'true') {
+      core.setFailed(`Vulnerabilities found.\n${issueContent}`)
+    }
   } catch (error) {
     core.error(error.stack);
     core.setFailed(error.message);
