fix: added filtering out of charts in security-scan workflow

.github/workflows/security-scan.yml

@@ -55,24 +55,39 @@ jobs:
     permissions:
       packages: read
     outputs:
-      packages: ${{ steps.ghcr.outputs.packages }}
-      has-packages: ${{ steps.ghcr.outputs.has-packages }}
+      packages: ${{ steps.docker-packages.outputs.packages }}
+      has-packages: ${{ steps.docker-packages.outputs.has-packages }}
     steps:
       - name: List GHCR packages for this repo
         id: ghcr
-        uses: Netcracker/qubership-workflow-hub/actions/ghcr-discover-repo-packages@d11baa8a4b42d1a931808c0766ee23eb344c47dd # v2.2.0
+        uses: Netcracker/qubership-workflow-hub/actions/ghcr-discover-repo-packages@e64a1ee2fc2f68ab44a4ef416c27d83ce36ba8e1 # v2.2.1
         env:
           GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
 
+      - name: Exclude Helm chart packages
+        id: docker-packages
+        env:
+          PACKAGES: ${{ steps.ghcr.outputs.packages }}
+          CHART_PACKAGE: env-checker-chart
+        run: |
+          packages=$(echo "$PACKAGES" | jq -c --arg chart_package "$CHART_PACKAGE" '
+            map(select((.name | split("/") | last) != $chart_package))
+          ')
+          has_packages=$(echo "$packages" | jq 'length > 0')
+          echo "packages=${packages}" >> "$GITHUB_OUTPUT"
+          echo "has-packages=${has_packages}" >> "$GITHUB_OUTPUT"
+
       - name: Print packages
-        run: echo '${{ steps.ghcr.outputs.packages }}' | jq '.'
+        env:
+          PACKAGES: ${{ steps.docker-packages.outputs.packages }}
+        run: echo "$PACKAGES" | jq '.'
 
       - name: Continue only if repo has GHCR packages
-        if: ${{ steps.ghcr.outputs.has-packages == 'true' }}
+        if: ${{ steps.docker-packages.outputs.has-packages == 'true' }}
         run: echo "Packages found!"
 
       - name: No packages found, fail the job
-        if: ${{ steps.ghcr.outputs.has-packages != 'true' }}
+        if: ${{ steps.docker-packages.outputs.has-packages != 'true' }}
         run: |
           echo "No packages found in GHCR for this repository."
           exit 1
@@ -88,18 +103,18 @@ jobs:
       fail-fast: false
       matrix:
         package: ${{ fromJson(needs.debug-packages.outputs.packages) }}
-        tag: ${{ case(github.event_name == 'workflow_dispatch', fromJson(format('["{0}"]', inputs.tag)), fromJson('["latest","main"]')) }}
+        tag: ${{ (github.event_name == 'workflow_dispatch' && fromJson(format('["{0}"]', inputs.tag))) || fromJson('["main"]') }}
 
     name: "${{ format('{0}:{1}', matrix.package.path, matrix.tag) }}"
-    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@d11baa8a4b42d1a931808c0766ee23eb344c47dd # v2.2.0
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@e64a1ee2fc2f68ab44a4ef416c27d83ce36ba8e1 # v2.2.1
     with:
       target: ${{ inputs.target || 'docker' }}
       image: ${{ format('{0}:{1}', matrix.package.path, matrix.tag) }}
-      only-high-critical: ${{ case(github.event_name == 'workflow_dispatch', inputs.only-high-critical, true) }}
-      trivy-scan: ${{ case(github.event_name == 'workflow_dispatch', inputs.trivy-scan, true) }}
-      grype-scan: ${{ case(github.event_name == 'workflow_dispatch', inputs.grype-scan, true) }}
-      only-fixed: ${{ case(github.event_name == 'workflow_dispatch', inputs.only-fixed, true) }}
-      continue-on-error: ${{ case(github.event_name == 'workflow_dispatch', inputs.continue-on-error, true) }}
+      only-high-critical: ${{ github.event_name != 'workflow_dispatch' || inputs.only-high-critical }}
+      trivy-scan: ${{ github.event_name != 'workflow_dispatch' || inputs.trivy-scan }}
+      grype-scan: ${{ github.event_name != 'workflow_dispatch' || inputs.grype-scan }}
+      only-fixed: ${{ github.event_name != 'workflow_dispatch' || inputs.only-fixed }}
+      continue-on-error: ${{ github.event_name != 'workflow_dispatch' || inputs.continue-on-error }}
 
   security-scan-single:
     needs: debug-packages
@@ -109,7 +124,7 @@ jobs:
       packages: read
       contents: read
     name: "Run Security Scan (single image)"
-    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@d11baa8a4b42d1a931808c0766ee23eb344c47dd # v2.2.0
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@e64a1ee2fc2f68ab44a4ef416c27d83ce36ba8e1 # v2.2.1
     with:
       target: ${{ inputs.target || 'docker' }}
       image: ${{ inputs.image }}