Problem
Matrix jobs in the published images vulnerability scanning workflow append to $GITHUB_STEP_SUMMARY in completion order (non-deterministic), resulting in randomly ordered scan results.
Desired Behavior
Organize results:
- By image (liquibase/liquibase first, then liquibase/liquibase-secure)
- Within each image, by version (newest at top)
Proposed Solution: Artifact-Based Aggregation
Each matrix job writes its summary to a file and uploads as an artifact. A final job downloads all artifacts, sorts them, and writes one organized summary.
Changes Required
| File | Changes |
|---|---|
| scripts/generate-dockerhub-matrix.sh | Add sort_key field (e.g., "0-000" for ordering) |
| scripts/append-github-summary.sh | Write to file instead of $GITHUB_STEP_SUMMARY |
| .github/workflows/trivy-scan-published-images.yml | Upload summary artifacts, aggregate in notify-results |
Implementation Details
- Add sort_key to matrix: First digit = image index (0=community, 1=secure), remaining = version index (000=newest)
- Summary script: Write to local file summary-content.md instead of appending to summary
- Workflow: Upload summary artifacts per job, download and aggregate in notify-results job
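The aggregation step sketched above, written out as an added example (this is not the project's own script). It assumes each matrix job uploaded an artifact named `summary-<sort_key>` containing `summary-content.md`, and that `actions/download-artifact` unpacked them under one root directory as `summary-<sort_key>/`; the artifact naming and the image-index-to-name mapping are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script: build one ordered scan summary
# from per-job artifacts laid out as <root>/summary-<sort_key>/summary-content.md
# (assumed artifact naming). Intended to run in the final notify-results job.
set -eu
export LC_ALL=C   # byte-order globbing so "0-000" < "0-001" < "1-000"

# sort_key as proposed: image index (0=community, 1=secure), then a 3-digit
# version index where 000 is the newest version of that image.
make_sort_key() {
  printf '%d-%03d' "$1" "$2"
}

# Assumed mapping from image index back to the DockerHub image name.
image_name_for_index() {
  case "$1" in
    0) echo "liquibase/liquibase" ;;
    1) echo "liquibase/liquibase-secure" ;;
    *) echo "unknown-image-$1" ;;
  esac
}

# Print one summary: a heading per image, versions newest first within it.
# Glob expansion order equals sort_key order, so job completion order is irrelevant.
aggregate_summaries() {
  art_root="$1"
  current=""
  for dir in "$art_root"/summary-*/; do
    key=$(basename "$dir"); key=${key#summary-}   # e.g. "1-002"
    image_idx=${key%%-*}                           # e.g. "1"
    if [ "$image_idx" != "$current" ]; then
      current=$image_idx
      printf '# %s\n' "$(image_name_for_index "$image_idx")"
    fi
    cat "$dir/summary-content.md"
  done
}

# Constructed sample input standing in for downloaded artifacts: two images,
# three versions each; the summary file just holds the version string here.
make_sample_artifacts() {
  sample_root=$(mktemp -d)
  for image in 0 1; do
    v=0
    for version in 5.0.3 5.0.2 5.0.1; do   # newest first, so index 000 = newest
      d="$sample_root/summary-$(make_sort_key "$image" "$v")"
      mkdir -p "$d"
      echo "$version" > "$d/summary-content.md"
      v=$((v + 1))
    done
  done
  echo "$sample_root"
}
```

In the real workflow the summary files would be the Trivy result tables each job wrote, and the final step would redirect `aggregate_summaries` into `$GITHUB_STEP_SUMMARY`.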
Expected Result
Before: Random order
5.0.1 (secure)
5.0.3 (community)
5.0.2 (secure)
After: Organized
# liquibase/liquibase
5.0.3
5.0.2
5.0.1
# liquibase/liquibase-secure
5.0.3
5.0.2
5.0.1
🤖 Generated with Claude Code