From 8b82330417b5f2a8fa7c73cdc8265b40d71ba88b Mon Sep 17 00:00:00 2001
From: James Addison
Date: Tue, 19 Jul 2022 00:17:54 +0100
Subject: [PATCH] Enable upload of container scanning SARIF reports
---
 .github/workflows/publish.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 9b952a1..de771c8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -58,13 +58,23 @@ jobs:
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 # Perform vulnerability scanning
 ## Note: please move this to *before* the container publish steps after confirming a way to use anchore/scan-action with locally-built OCI images
- - uses: anchore/scan-action@v3
+ - id: scan-grocy-backend
 uses: anchore/scan-action@v3
 with:
 image: docker.io/grocy/${{ steps.build-grocy-backend.outputs.image-with-tag }}
 acs-report-enable: true
 fail-build: false # TODO: remove this when scan-action steps are moved to before container publish
- - uses: anchore/scan-action@v3
+ - id: scan-grocy-frontend
 uses: anchore/scan-action@v3
 with:
 image: docker.io/grocy/${{ steps.build-grocy-frontend.outputs.image-with-tag }}
 acs-report-enable: true
 fail-build: false # TODO: remove this when scan-action steps are moved to before container publish
+ - uses: github/codeql-action/upload-sarif@v2
+ with:
+ category: scan-grocy-backend
+ sarif_file: ${{ steps.scan-grocy-backend.outputs.sarif }}
+ - uses: github/codeql-action/upload-sarif@v2
+ with:
+ category: scan-grocy-frontend
+ sarif_file: ${{ steps.scan-grocy-frontend.outputs.sarif }}
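Review bot: The two new `github/codeql-action/upload-sarif@v2` steps need the job's GITHUB_TOKEN to carry `security-events: write`, and nothing in this hunk grants it; where repository or organisation settings restrict the default token, the upload step is likely to fail with a permissions error after both images have already been pushed. The enclosing job begins above this hunk, so the grant may already be present there — if it is not, add an explicit `permissions:` / `contents: read` / `security-events: write` block to the job rather than relying on the inherited default, which is the least-privilege shape for a workflow that also handles `secrets.DOCKERHUB_TOKEN`. As a secondary point, both added steps (and the existing `anchore/scan-action@v3` references) pin a mutable major-version tag; for a publish pipeline, pinning to a full commit SHA with the version as a trailing comment (`uses: github/codeql-action/upload-sarif@<commit-sha>  # v2`) removes the risk of a moved or compromised tag executing unreviewed code with those credentials.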