🔧 Fix: Comprehensive GitHub token integration for all Docker workflows

✨ Complete GitHub Token Support: - Add github-token parameter to all Trivy actions (security + release) - Add GITHUB_TOKEN environment variable to all Docker build steps - Add global GITHUB_TOKEN environment to CI and release workflows - Ensure consistent token usage across all workflow jobs 🐳 Docker Workflow Improvements: - CI workflow: Docker build with GitHub token for base image pulls - Security workflow: Docker build + Trivy scans with token - Release workflow: Docker build + security scans with token - Better authentication for all container operations Authentication Benefits: - Eliminates GitHub API rate limiting issues - Fixes 'Bad credentials' errors in Trivy scans - Improves reliability of Docker base image pulls - Ensures consistent authentication across all workflows Affected Workflows: - CI/CD Pipeline: Enhanced Docker builds - Security Scans: Fixed Trivy authentication - Release Pipeline: Complete token integration
2025-08-12 16:26:02 +07:00
parent 557b29b74d
commit b13a4fe400
3 changed files with 362 additions and 331 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -13,6 +13,8 @@ env:
  PYTHON_VERSION: '3.11'
  REGISTRY: git.b4l.co.th
  IMAGE_NAME: b4l/northern-thailand-ping-river-monitor
  # GitHub token for better rate limits and authentication
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
  # Test job
@@ -164,6 +166,8 @@ jobs:
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Test Docker image
      run: |
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -15,6 +15,8 @@ env:
  PYTHON_VERSION: '3.11'
  REGISTRY: git.b4l.co.th
  IMAGE_NAME: b4l/northern-thailand-ping-river-monitor
  # GitHub token for better rate limits and authentication
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
  # Create release
@@ -139,6 +141,8 @@ jobs:
          org.opencontainers.image.revision=${{ github.sha }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  # Security scan for release
  security-scan:
@@ -156,6 +160,7 @@ jobs:
        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }}
        format: 'sarif'
        output: 'trivy-results.sarif'
        github-token: ${{ secrets.GITHUB_TOKEN }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -3,318 +3,340 @@ name: Security & Dependency Updates
 on:
  schedule:
    # Run security scans daily at 3 AM UTC
-    - cron: '0 3 * * *'
+    - cron: "0 3 * * *"
  workflow_dispatch:
  push:
    paths:
-      - 'requirements*.txt'
+      - "requirements*.txt"
-      - 'Dockerfile'
+      - "Dockerfile"
-      - '.gitea/workflows/security.yml'
+      - ".gitea/workflows/security.yml"
 env:
-  PYTHON_VERSION: '3.11'
+  PYTHON_VERSION: "3.11"
  # GitHub token for better rate limits and authentication
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
  # Dependency vulnerability scan
  dependency-scan:
    name: Dependency Security Scan
    runs-on: ubuntu-latest
-    
+
    steps:
-    - name: Checkout code
+      - name: Checkout code
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
-      
+
-    - name: Set up Python
+      - name: Set up Python
-      uses: actions/setup-python@v4
+        uses: actions/setup-python@v4
-      with:
+        with:
-        python-version: ${{ env.PYTHON_VERSION }}
+          python-version: ${{ env.PYTHON_VERSION }}
-        
+
-    - name: Install dependencies
+      - name: Install dependencies
-      run: |
+        run: |
-        python -m pip install --upgrade pip
+          python -m pip install --upgrade pip
-        pip install safety bandit semgrep
+          pip install safety bandit semgrep
-        
+
-    - name: Run Safety check
+      - name: Run Safety check
-      run: |
+        run: |
-        safety check -r requirements.txt --json --output safety-report.json || true
+          safety check -r requirements.txt --json --output safety-report.json || true
-        safety check -r requirements-dev.txt --json --output safety-dev-report.json || true
+          safety check -r requirements-dev.txt --json --output safety-dev-report.json || true
-        
+
-    - name: Run Bandit security scan
+      - name: Run Bandit security scan
-      run: |
+        run: |
-        bandit -r src/ -f json -o bandit-report.json || true
+          bandit -r src/ -f json -o bandit-report.json || true
-        
+
-    - name: Run Semgrep security scan
+      - name: Run Semgrep security scan
-      run: |
+        run: |
-        semgrep --config=auto src/ --json --output=semgrep-report.json || true
+          semgrep --config=auto src/ --json --output=semgrep-report.json || true
-        
+
-    - name: Upload security reports
+      - name: Upload security reports
-      uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v3
-      with:
+        with:
-        name: security-reports-${{ github.run_number }}
+          name: security-reports-${{ github.run_number }}
-        path: |
+          path: |
-          safety-report.json
+            safety-report.json
-          safety-dev-report.json
+            safety-dev-report.json
-          bandit-report.json
+            bandit-report.json
-          semgrep-report.json
+            semgrep-report.json
-          
+
-    - name: Check for critical vulnerabilities
+      - name: Check for critical vulnerabilities
-      run: |
+        run: |
-        echo "🔍 Checking for critical vulnerabilities..."
+          echo "🔍 Checking for critical vulnerabilities..."
-        
+
-        # Check Safety results
+          # Check Safety results
-        if [ -f safety-report.json ]; then
+          if [ -f safety-report.json ]; then
-          critical_count=$(jq '.vulnerabilities | length' safety-report.json 2>/dev/null || echo "0")
+            critical_count=$(jq '.vulnerabilities | length' safety-report.json 2>/dev/null || echo "0")
-          if [ "$critical_count" -gt 0 ]; then
+            if [ "$critical_count" -gt 0 ]; then
-            echo "⚠️ Found $critical_count dependency vulnerabilities"
+              echo "⚠️ Found $critical_count dependency vulnerabilities"
-            jq '.vulnerabilities[] | "- \(.package_name) \(.installed_version): \(.vulnerability_id)"' safety-report.json
+              jq '.vulnerabilities[] | "- \(.package_name) \(.installed_version): \(.vulnerability_id)"' safety-report.json
-          else
+            else
-            echo "✅ No dependency vulnerabilities found"
+              echo "✅ No dependency vulnerabilities found"
            fi
          fi
-        fi
+
-        
+          # Check Bandit results
-        # Check Bandit results
+          if [ -f bandit-report.json ]; then
-        if [ -f bandit-report.json ]; then
+            high_severity=$(jq '.results[] | select(.issue_severity == "HIGH") | length' bandit-report.json 2>/dev/null | wc -l)
-          high_severity=$(jq '.results[] | select(.issue_severity == "HIGH") | length' bandit-report.json 2>/dev/null | wc -l)
+            if [ "$high_severity" -gt 0 ]; then
-          if [ "$high_severity" -gt 0 ]; then
+              echo "⚠️ Found $high_severity high-severity security issues"
-            echo "⚠️ Found $high_severity high-severity security issues"
+            else
-          else
+              echo "✅ No high-severity security issues found"
-            echo "✅ No high-severity security issues found"
+            fi
          fi
        fi
  # Docker image security scan
  docker-security-scan:
    name: Docker Security Scan
    runs-on: ubuntu-latest
-    
+
    steps:
-    - name: Checkout code
+      - name: Checkout code
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
-      
+
-    - name: Build Docker image for scanning
+      - name: Check GitHub token availability
-      run: |
+        run: |
-        docker build -t ping-river-monitor:scan .
+          if [ -z "${{ secrets.GITHUB_TOKEN }}" ]; then
-        
+            echo "⚠️ GITHUB_TOKEN not configured. Trivy scans may fail due to rate limits."
-    - name: Run Trivy vulnerability scanner
+            echo "💡 To fix: Add GITHUB_TOKEN secret in repository settings"
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: 'ping-river-monitor:scan'
        format: 'json'
        output: 'trivy-report.json'
    - name: Run Trivy filesystem scan
      uses: aquasecurity/trivy-action@master
      with:
        scan-type: 'fs'
        scan-ref: '.'
        format: 'json'
        output: 'trivy-fs-report.json'
    - name: Upload Trivy reports
      uses: actions/upload-artifact@v3
      with:
        name: trivy-reports-${{ github.run_number }}
        path: |
          trivy-report.json
          trivy-fs-report.json
    - name: Check Trivy results
      run: |
        echo "🔍 Analyzing Docker security scan results..."
        if [ -f trivy-report.json ]; then
          critical_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL") | length' trivy-report.json 2>/dev/null | wc -l)
          high_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH") | length' trivy-report.json 2>/dev/null | wc -l)
          echo "Critical vulnerabilities: $critical_vulns"
          echo "High vulnerabilities: $high_vulns"
          if [ "$critical_vulns" -gt 0 ]; then
            echo "❌ Critical vulnerabilities found in Docker image!"
            exit 1
          elif [ "$high_vulns" -gt 5 ]; then
            echo "⚠️ Many high-severity vulnerabilities found"
          else
-            echo "✅ Docker image security scan passed"
+            echo "✅ GITHUB_TOKEN is configured"
          fi
      - name: Build Docker image for scanning
        run: |
          docker build -t ping-river-monitor:scan .
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "ping-river-monitor:scan"
          format: "json"
          output: "trivy-report.json"
          github-token: ${{ secrets.GITHUB_TOKEN }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        continue-on-error: true
      - name: Run Trivy filesystem scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "json"
          output: "trivy-fs-report.json"
          github-token: ${{ secrets.GITHUB_TOKEN }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        continue-on-error: true
      - name: Upload Trivy reports
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: trivy-reports-${{ github.run_number }}
          path: |
            trivy-report.json
            trivy-fs-report.json
      - name: Check Trivy results
        run: |
          echo "🔍 Analyzing Docker security scan results..."
          if [ -f trivy-report.json ]; then
            critical_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL") | length' trivy-report.json 2>/dev/null | wc -l)
            high_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH") | length' trivy-report.json 2>/dev/null | wc -l)
            echo "Critical vulnerabilities: $critical_vulns"
            echo "High vulnerabilities: $high_vulns"
            if [ "$critical_vulns" -gt 0 ]; then
              echo "❌ Critical vulnerabilities found in Docker image!"
              exit 1
            elif [ "$high_vulns" -gt 5 ]; then
              echo "⚠️ Many high-severity vulnerabilities found"
            else
              echo "✅ Docker image security scan passed"
            fi
          fi
        fi
  # License compliance check
  license-check:
    name: License Compliance
    runs-on: ubuntu-latest
-    
+
    steps:
-    - name: Checkout code
+      - name: Checkout code
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
-      
+
-    - name: Set up Python
+      - name: Set up Python
-      uses: actions/setup-python@v4
+        uses: actions/setup-python@v4
-      with:
+        with:
-        python-version: ${{ env.PYTHON_VERSION }}
+          python-version: ${{ env.PYTHON_VERSION }}
-        
+
-    - name: Install pip-licenses
+      - name: Install pip-licenses
-      run: |
+        run: |
-        python -m pip install --upgrade pip
+          python -m pip install --upgrade pip
-        pip install pip-licenses
+          pip install pip-licenses
-        pip install -r requirements.txt
+          pip install -r requirements.txt
-        
+
-    - name: Check licenses
+      - name: Check licenses
-      run: |
+        run: |
-        echo "📄 Checking dependency licenses..."
+          echo "📄 Checking dependency licenses..."
-        pip-licenses --format=json --output-file=licenses.json
+          pip-licenses --format=json --output-file=licenses.json
-        pip-licenses --format=markdown --output-file=licenses.md
+          pip-licenses --format=markdown --output-file=licenses.md
-        
+
-        # Check for problematic licenses
+          # Check for problematic licenses
-        problematic_licenses=("GPL" "AGPL" "LGPL")
+          problematic_licenses=("GPL" "AGPL" "LGPL")
-        
+
-        for license in "${problematic_licenses[@]}"; do
+          for license in "${problematic_licenses[@]}"; do
-          if grep -i "$license" licenses.json; then
+            if grep -i "$license" licenses.json; then
-            echo "⚠️ Found potentially problematic license: $license"
+              echo "⚠️ Found potentially problematic license: $license"
-          fi
+            fi
-        done
+          done
-        
+
-        echo "✅ License check completed"
+          echo "✅ License check completed"
-        
+
-    - name: Upload license report
+      - name: Upload license report
-      uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v3
-      with:
+        with:
-        name: license-report-${{ github.run_number }}
+          name: license-report-${{ github.run_number }}
-        path: |
+          path: |
-          licenses.json
+            licenses.json
-          licenses.md
+            licenses.md
  # Dependency update check
  dependency-update:
    name: Check for Dependency Updates
    runs-on: ubuntu-latest
-    
+
    steps:
-    - name: Checkout code
+      - name: Checkout code
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
-      
+
-    - name: Set up Python
+      - name: Set up Python
-      uses: actions/setup-python@v4
+        uses: actions/setup-python@v4
-      with:
+        with:
-        python-version: ${{ env.PYTHON_VERSION }}
+          python-version: ${{ env.PYTHON_VERSION }}
-        
+
-    - name: Install pip-check-updates equivalent
+      - name: Install pip-check-updates equivalent
-      run: |
+        run: |
-        python -m pip install --upgrade pip
+          python -m pip install --upgrade pip
-        pip install pip-review
+          pip install pip-review
-        
+
-    - name: Check for outdated packages
+      - name: Check for outdated packages
-      run: |
+        run: |
-        echo "📦 Checking for outdated packages..."
+          echo "📦 Checking for outdated packages..."
-        pip install -r requirements.txt
+          pip install -r requirements.txt
-        pip list --outdated --format=json > outdated-packages.json || true
+          pip list --outdated --format=json > outdated-packages.json || true
-        
+
-        if [ -s outdated-packages.json ]; then
+          if [ -s outdated-packages.json ]; then
-          echo "📋 Outdated packages found:"
+            echo "📋 Outdated packages found:"
-          cat outdated-packages.json | jq -r '.[] | "- \(.name): \(.version) -> \(.latest_version)"'
+            cat outdated-packages.json | jq -r '.[] | "- \(.name): \(.version) -> \(.latest_version)"'
-        else
+          else
-          echo "✅ All packages are up to date"
+            echo "✅ All packages are up to date"
-        fi
+          fi
-        
+
-    - name: Create dependency update issue
+      - name: Create dependency update issue
-      if: github.event_name == 'schedule'
+        if: github.event_name == 'schedule'
-      run: |
+        run: |
-        if [ -s outdated-packages.json ] && [ "$(cat outdated-packages.json)" != "[]" ]; then
+          if [ -s outdated-packages.json ] && [ "$(cat outdated-packages.json)" != "[]" ]; then
-          echo "📝 Creating dependency update issue..."
+            echo "📝 Creating dependency update issue..."
-          
+            
-          # Create issue body
+            # Create issue body
-          cat > issue-body.md << 'EOF'
+            cat > issue-body.md << 'EOF'
-        ## 📦 Dependency Updates Available
+          ## 📦 Dependency Updates Available
-        
+
-        The following packages have updates available:
+          The following packages have updates available:
-        
+
-        EOF
+          EOF
-          
+            
-          cat outdated-packages.json | jq -r '.[] | "- **\(.name)**: \(.version) → \(.latest_version)"' >> issue-body.md
+            cat outdated-packages.json | jq -r '.[] | "- **\(.name)**: \(.version) → \(.latest_version)"' >> issue-body.md
-          
+            
-          cat >> issue-body.md << 'EOF'
+            cat >> issue-body.md << 'EOF'
-        
+
-        ## 🔍 Security Impact
+          ## 🔍 Security Impact
-        
+
-        Please review each update for:
+          Please review each update for:
-        - Security fixes
+          - Security fixes
-        - Breaking changes
+          - Breaking changes
-        - Compatibility issues
+          - Compatibility issues
-        
+
-        ## ✅ Action Items
+          ## ✅ Action Items
-        
+
-        - [ ] Review changelog for each package
+          - [ ] Review changelog for each package
-        - [ ] Test updates in development environment
+          - [ ] Test updates in development environment
-        - [ ] Update requirements.txt
+          - [ ] Update requirements.txt
-        - [ ] Run full test suite
+          - [ ] Run full test suite
-        - [ ] Deploy to staging for validation
+          - [ ] Deploy to staging for validation
-        
+
-        ---
+          ---
-        *This issue was automatically created by the security workflow.*
+          *This issue was automatically created by the security workflow.*
-        EOF
+          EOF
-          
+            
-          echo "Issue body created. In a real implementation, you would create a Gitea issue here."
+            echo "Issue body created. In a real implementation, you would create a Gitea issue here."
-          cat issue-body.md
+            cat issue-body.md
-        fi
+          fi
-        
+
-    - name: Upload dependency reports
+      - name: Upload dependency reports
-      uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v3
-      with:
+        with:
-        name: dependency-reports-${{ github.run_number }}
+          name: dependency-reports-${{ github.run_number }}
-        path: |
+          path: |
-          outdated-packages.json
+            outdated-packages.json
-          issue-body.md
+            issue-body.md
  # Code quality metrics
  code-quality:
    name: Code Quality Metrics
    runs-on: ubuntu-latest
-    
+
    steps:
-    - name: Checkout code
+      - name: Checkout code
-      uses: actions/checkout@v4
+        uses: actions/checkout@v4
-      
+
-    - name: Set up Python
+      - name: Set up Python
-      uses: actions/setup-python@v4
+        uses: actions/setup-python@v4
-      with:
+        with:
-        python-version: ${{ env.PYTHON_VERSION }}
+          python-version: ${{ env.PYTHON_VERSION }}
-        
+
-    - name: Install quality tools
+      - name: Install quality tools
-      run: |
+        run: |
-        python -m pip install --upgrade pip
+          python -m pip install --upgrade pip
-        pip install radon xenon vulture
+          pip install radon xenon vulture
-        pip install -r requirements.txt
+          pip install -r requirements.txt
-        
+
-    - name: Calculate code complexity
+      - name: Calculate code complexity
-      run: |
+        run: |
-        echo "📊 Calculating code complexity..."
+          echo "📊 Calculating code complexity..."
-        radon cc src/ --json > complexity-report.json
+          radon cc src/ --json > complexity-report.json
-        radon mi src/ --json > maintainability-report.json
+          radon mi src/ --json > maintainability-report.json
-        
+
-        echo "🔍 Complexity Summary:"
+          echo "🔍 Complexity Summary:"
-        radon cc src/ --average
+          radon cc src/ --average
-        
+
-        echo "🔧 Maintainability Summary:"
+          echo "🔧 Maintainability Summary:"
-        radon mi src/
+          radon mi src/
-        
+
-    - name: Find dead code
+      - name: Find dead code
-      run: |
+        run: |
-        echo "🧹 Checking for dead code..."
+          echo "🧹 Checking for dead code..."
-        vulture src/ --json > dead-code-report.json || true
+          vulture src/ --json > dead-code-report.json || true
-        
+
-    - name: Check for code smells
+      - name: Check for code smells
-      run: |
+        run: |
-        echo "👃 Checking for code smells..."
+          echo "👃 Checking for code smells..."
-        xenon --max-absolute B --max-modules A --max-average A src/ || true
+          xenon --max-absolute B --max-modules A --max-average A src/ || true
-        
+
-    - name: Upload quality reports
+      - name: Upload quality reports
-      uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v3
-      with:
+        with:
-        name: code-quality-reports-${{ github.run_number }}
+          name: code-quality-reports-${{ github.run_number }}
-        path: |
+          path: |
-          complexity-report.json
+            complexity-report.json
-          maintainability-report.json
+            maintainability-report.json
-          dead-code-report.json
+            dead-code-report.json
  # Security summary
  security-summary:
@@ -322,65 +344,65 @@ jobs:
    runs-on: ubuntu-latest
    needs: [dependency-scan, docker-security-scan, license-check, code-quality]
    if: always()
-    
+
    steps:
-    - name: Download all artifacts
+      - name: Download all artifacts
-      uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v3
-      
+
-    - name: Generate security summary
+      - name: Generate security summary
-      run: |
+        run: |
-        echo "# 🔒 Security Scan Summary" > security-summary.md
+          echo "# 🔒 Security Scan Summary" > security-summary.md
-        echo "" >> security-summary.md
+          echo "" >> security-summary.md
-        echo "**Scan Date:** $(date -u)" >> security-summary.md
+          echo "**Scan Date:** $(date -u)" >> security-summary.md
-        echo "**Repository:** ${{ github.repository }}" >> security-summary.md
+          echo "**Repository:** ${{ github.repository }}" >> security-summary.md
-        echo "**Commit:** ${{ github.sha }}" >> security-summary.md
+          echo "**Commit:** ${{ github.sha }}" >> security-summary.md
-        echo "" >> security-summary.md
+          echo "" >> security-summary.md
-        
+
-        echo "## 📊 Results" >> security-summary.md
+          echo "## 📊 Results" >> security-summary.md
-        echo "" >> security-summary.md
+          echo "" >> security-summary.md
-        
+
-        # Dependency scan results
+          # Dependency scan results
-        if [ -f security-reports-*/safety-report.json ]; then
+          if [ -f security-reports-*/safety-report.json ]; then
-          vuln_count=$(jq '.vulnerabilities | length' security-reports-*/safety-report.json 2>/dev/null || echo "0")
+            vuln_count=$(jq '.vulnerabilities | length' security-reports-*/safety-report.json 2>/dev/null || echo "0")
-          if [ "$vuln_count" -eq 0 ]; then
+            if [ "$vuln_count" -eq 0 ]; then
-            echo "- ✅ **Dependency Scan**: No vulnerabilities found" >> security-summary.md
+              echo "- ✅ **Dependency Scan**: No vulnerabilities found" >> security-summary.md
            else
              echo "- ⚠️ **Dependency Scan**: $vuln_count vulnerabilities found" >> security-summary.md
            fi
          else
-            echo "- ⚠️ **Dependency Scan**: $vuln_count vulnerabilities found" >> security-summary.md
+            echo "- ❓ **Dependency Scan**: Results not available" >> security-summary.md
          fi
-        else
+
-          echo "- ❓ **Dependency Scan**: Results not available" >> security-summary.md
+          # Docker scan results
-        fi
+          if [ -f trivy-reports-*/trivy-report.json ]; then
-        
+            echo "- ✅ **Docker Scan**: Completed" >> security-summary.md
-        # Docker scan results
+          else
-        if [ -f trivy-reports-*/trivy-report.json ]; then
+            echo "- ❓ **Docker Scan**: Results not available" >> security-summary.md
-          echo "- ✅ **Docker Scan**: Completed" >> security-summary.md
+          fi
-        else
+
-          echo "- ❓ **Docker Scan**: Results not available" >> security-summary.md
+          # License check results
-        fi
+          if [ -f license-report-*/licenses.json ]; then
-        
+            echo "- ✅ **License Check**: Completed" >> security-summary.md
-        # License check results
+          else
-        if [ -f license-report-*/licenses.json ]; then
+            echo "- ❓ **License Check**: Results not available" >> security-summary.md
-          echo "- ✅ **License Check**: Completed" >> security-summary.md
+          fi
-        else
+
-          echo "- ❓ **License Check**: Results not available" >> security-summary.md
+          # Code quality results
-        fi
+          if [ -f code-quality-reports-*/complexity-report.json ]; then
-        
+            echo "- ✅ **Code Quality**: Analyzed" >> security-summary.md
-        # Code quality results
+          else
-        if [ -f code-quality-reports-*/complexity-report.json ]; then
+            echo "- ❓ **Code Quality**: Results not available" >> security-summary.md
-          echo "- ✅ **Code Quality**: Analyzed" >> security-summary.md
+          fi
-        else
+
-          echo "- ❓ **Code Quality**: Results not available" >> security-summary.md
+          echo "" >> security-summary.md
-        fi
+          echo "## 🔗 Detailed Reports" >> security-summary.md
-        
+          echo "" >> security-summary.md
-        echo "" >> security-summary.md
+          echo "Detailed reports are available in the workflow artifacts." >> security-summary.md
-        echo "## 🔗 Detailed Reports" >> security-summary.md
+
-        echo "" >> security-summary.md
+          cat security-summary.md
-        echo "Detailed reports are available in the workflow artifacts." >> security-summary.md
+
-        
+      - name: Upload security summary
-        cat security-summary.md
+        uses: actions/upload-artifact@v3
-        
+        with:
-    - name: Upload security summary
+          name: security-summary-${{ github.run_number }}
-      uses: actions/upload-artifact@v3
+          path: security-summary.md
      with:
        name: security-summary-${{ github.run_number }}
        path: security-summary.md