ci: don't block alpha and beta releases on grype scans

2026-02-07 20:11:16 -05:00 · 2026-01-07 21:15:17 +01:00
parent 52550f24b2
commit 8f915ea8bf
1 changed files with 2 additions and 0 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -78,6 +78,7 @@ jobs:
            APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}

      - name: Scan new image for vulnerabilities
+        if: needs.determine-release-type.outputs.release_type == 'release'
        uses: anchore/scan-action@v7
        id: scan
        with:
@@ -86,6 +87,7 @@ jobs:
          severity-cutoff: critical

      - name: upload Anchore scan report
+        if: needs.determine-release-type.outputs.release_type == 'release'
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}