how to stop step in githubaction work flow

Hi All,

I have a requriment to execute on step that will  do anchore action scan of paticulr image. if any issues found in image it will forcefully i am passing the step. next step i am parsing scan result by parsing scaned results json file. here i will get scan passed or fail and some issues conent to display in slack integration. post these steps i want to stop the job forcefully.please let me know how to stop the step/job based on condition

Hi @vinodreddye , 

If you want to stop a step, you could just run exit 1  in your scripts. The step will fail with exit code 1. 

In next step, if you want it to run , you could add if: failure() . 

For example: 

    - uses: actions/checkout@v2
    - name: print secrets
      run: |
          exit 1
      shell: bash
    - name: cancelling
      if: failure()
      uses: andymckay/cancel-action@0.2

If I misunderstanding your requirement, please feel free to provide an example of your scenario. 

- id: scan
      name: Anchore image scan
      uses: anchore/scan-action@master
        image-reference:${{ env.GKE_PROJECT }}/${{ env.IMAGE }}:${{ github.sha }}
        dockerfile-path: "./Dockerfile"
        fail-build: false
        custom-policy-path: .anchore/storebrand_security_policy.json

    - name: Parsing scan data
      run: |
        export SCAN_RESULTS="$(cat ./anchore-reports/policy_evaluation.json | jq -c '[.. | objects | select(has("rows")) | {vulnerabilities:.rows[][5]}]')"
        export SCAN_STATUS="$(cat ./anchore-reports/policy_evaluation.json | jq -c '.[] | .[] | .[] | .[] |.status')"
        export COUNT="$(cat ./anchore-reports/policy_evaluation.json| jq -c '.. | objects | select(has("rows")) | .row_count')"
        echo "::set-env name=IMAGE_SCAN_RESULTS::$SCAN_RESULTS"
        echo "::set-env name=IAMGE_SCAN_STATUS::$SCAN_STATUS"
        echo "::set-env name=IMAGE_VULN_COUNT::$COUNT"

    - name: Slack Notification for Scan data
      if: ${{env.IAMGE_SCAN_STATUS== 'fail'}}
      uses: rtCamp/action-slack-notify@v2.0.2
        SLACK_CHANNEL: image-vulnerabilities-alerts
        SLACK_TITLE: ${{env.IMAGE_VULN_COUNT}}- HIGH vulnerabilities found - build failed
        SLACK_USERNAME: AnchoreScan
        SLACK_COLOR: '#FF0000'

First image scan step executes, here  forcefully continuing workflow by adding ‘failed-build: false’ argument. post step i am parsing scan results. till this step it working properly. my next step slack notification should sent only failed case but its always skiping the step(this is one issue)(if: ${{env.IAMGE_SCAN_STATUS== ‘fail’}} ) and i need to add another step to stop job if scan status is fail. 

Could you please enable step debug logging to check the IAMGE_SCAN_STATUS value ? And it will helpful to know why the “slack notification” step is skipped. 

And there is an action to cancel current workflow run :  

if: env.IAMGE_SCAN_STATUS == 'fail'

This issue got resolved. issue with string quotes ‘“fail”’ . i enabled debug logs and resolved.

I am very glad to hear that you have resolved your issue. 

What’s I want to add is that when you use expressions in an if conditional, you may omit the expression syntax (${{ }}) because GitHub automatically evaluates the if conditional as an expression. 

And if you don’t need debug logs anymore, you could disable it to keep the log succinct.