From 1d2fa93856ac89ffeee621ec0b8228cb49b93396 Mon Sep 17 00:00:00 2001
From: James Strong
Date: Mon, 8 Aug 2022 17:04:59 -0700
Subject: [PATCH] sarif upload issues

Signed-off-by: James Strong
---
 .github/workflows/vulnerability-scans.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml
index bcf6921a5..3321e1851 100644
--- a/.github/workflows/vulnerability-scans.yaml
+++ b/.github/workflows/vulnerability-scans.yaml
@@ -56,6 +56,9 @@ jobs:
 matrix:
 versions: ${{ fromJSON(needs.version.outputs.versions) }}
 steps:
+ - name: Checkout code
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
 - shell: bash
 id: test
 run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
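Review bot: The `actions/checkout` step moved to the head of `steps:` keeps the action's default `persist-credentials: true`, so the job's token is written into the workspace's git config and stays readable by every later step, although nothing in this job pushes to the repository; add `with:` and `persist-credentials: false` under the `uses:` line. Pinning to a full commit SHA is the right choice, but a trailing comment naming the release that SHA corresponds to, `uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # <release tag>`, lets reviewers and update tooling see what is pinned without resolving the hash. The enclosing job's header (`runs-on`, `needs`, permissions) lies above this hunk and is not visible here.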
@@ -66,29 +69,27 @@ jobs:
 with:
 image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
 format: 'sarif'
- output: trivy-results-${{ matrix.versions }}.sarif
+ output: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
 exit-code: 0
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
 - name: Output Sarif File
 shell: bash
- run: cat trivy-results-${{ matrix.versions }}.sarif
-
- - name: Checkout code
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
 # This step checks out a copy of your repository.
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03
 with:
+ token: ${{ github.token }}
 # Path to SARIF file relative to the root of the repository
- sarif_file: trivy-results-${{ matrix.versions }}.sarif
+ sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
 - name: Vulz Count
 shell: bash
 run: |
- TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
+ TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
 echo "TRIVY_COUNT: $TRIVY_COUNT"
 echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
 echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY