chore: more tweaks

KLongmuirHD · KLongmuirHD · commit 48886b45618f · 2025-10-08T08:43:14.000-04:00
diff --git a/.github/workflows/demo-build-and-scan-docker-image.yml b/.github/workflows/demo-build-and-scan-docker-image.yml
@@ -13,6 +13,11 @@ jobs:
     environment: demo
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
@@ -28,6 +33,9 @@ jobs:
       - name: Generate SBOM for local Docker image
         run: |
           cdxgen -t docker -o sbom.json -r herodevs/eol-scan:local
+
+      - name: Verify SBOM exists
+        run: ls -l sbom.json
       
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v4
@@ -59,4 +67,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: herodevs-report
-          path: herodevs.report.json
+          path: ./herodevs.report.json
diff --git a/.github/workflows/demo-docker-buildx-sbom-scan.yml b/.github/workflows/demo-docker-buildx-sbom-scan.yml
@@ -9,10 +9,17 @@ env:
 
 jobs:
   build-and-sbom:
-    name: Build Docker image & Generate SBOM
-    environment: demo
+    name: Build Docker Image & Generate SBOM
     runs-on: ubuntu-latest
+    environment: demo
     steps:
+      # Checkout the repo
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      # Set up Node.js
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
@@ -21,28 +28,26 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Enable BuildKit experimental features
-        run: |
-          export DOCKER_CLI_EXPERIMENTAL=enabled
-
-      - name: Build Docker image and generate SBOM
+      - name: Build Docker image with SBOM
         run: |
           docker buildx build \
-            --file ./ci/image.Dockerfile \
+            --file ci/image.Dockerfile \
             --tag herodevs/eol-scan:local \
-            --sbom=type=cyclonedx,output=sbom.json \
             --platform linux/amd64 \
-            --load \
-            .
+            --sbom=type=cyclonedx,output=sbom.json \
+            --load
+
+      - name: Verify SBOM
+        run: ls -l sbom.json
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v4
         with:
-          name: docker-buildx-sbom-json
+          name: cdxgen-sbom-json
           path: sbom.json
 
   scan-sbom:
-    name: Run HD Scan
+    name: Run HeroDevs EOL Scan
     runs-on: ubuntu-latest
     needs: build-and-sbom
     steps:
@@ -54,7 +59,7 @@ jobs:
       - name: Download SBOM artifact
         uses: actions/download-artifact@v4
         with:
-          name: docker-buildx-sbom-json
+          name: cdxgen-sbom-json
           path: .
 
       - name: Run EOL scan
diff --git a/.github/workflows/demo-scan-with-image.yml b/.github/workflows/demo-scan-with-image.yml
@@ -12,17 +12,24 @@ jobs:
     runs-on: ubuntu-latest
     environment: demo
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           ref: main
 
       - name: Run EOL Scan with Docker
-        uses: docker://ghcr.io/herodevs/eol-scan
-        with:
-          args: "-s"
-      
+        run: |
+          # Create output directory
+          mkdir -p output
+          
+          # Run container with volume mount to write report
+          docker run --rm \
+            -v ${{ github.workspace }}/output:/workspace \
+            -w /workspace \
+            ghcr.io/herodevs/eol-scan -s
+
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: my-eol-report
-          path: herodevs.report.json
+          path: output/herodevs.report.json
