Description
The vulnerability check job in the CI pipeline currently fails when vulnerabilities are found. This blocks PRs and releases even though vulnerabilities may be in dependencies and not actionable immediately.
Current Behavior
- Dagger `VulnerabilityCheckReport` uses `|| true` to always pass (correct)
- But the workflow step still fails with `exit 1` if "No vulnerabilities found." is not in the report
Expected Behavior
- Vulnerability check should report findings in the summary
- Should not fail the pipeline
- Allows maintainers to review and address vulnerabilities without blocking CI
Related
Files to Change
- `.github/workflows/default.yaml` - Remove `exit 1` from vulnerability summary step
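One way the summary step's script could behave after the change, as an added example that is not the project's own workflow code: findings go to the job summary with a warning annotation and a step output, and the step still exits 0. Assumptions: the report is a text file, the function name, the `vuln_status` output and the `VULN_REPORT` variable are hypothetical, and a missing or empty report is still treated as an error so that a scan that never ran is not mistaken for a clean one.

```bash
#!/usr/bin/env bash
# Added example: non-blocking vulnerability summary step.
# Hypothetical names: summarize_vuln_report, vuln_status, VULN_REPORT.

SENTINEL="No vulnerabilities found."   # string the issue says the step greps for

# summarize_vuln_report REPORT [SUMMARY_FILE] [OUTPUT_FILE]
# Returns 0 for a clean report and for a report with findings.
# Returns 1 only when the report is missing or empty (assumption: the scan broke).
summarize_vuln_report() {
  local report="$1"
  local summary="${2:-${GITHUB_STEP_SUMMARY:-/dev/null}}"
  local output="${3:-${GITHUB_OUTPUT:-/dev/null}}"

  if [ ! -s "$report" ]; then
    echo "::error::Vulnerability report '$report' is missing or empty"
    echo "vuln_status=missing" >> "$output"
    return 1
  fi

  # Publish the full report in the job summary, indented as a code block.
  {
    echo "## Vulnerability check"
    echo
    sed 's/^/    /' "$report"
    echo
  } >> "$summary"

  if grep -qF "$SENTINEL" "$report"; then
    echo "vuln_status=clean" >> "$output"
  else
    # Visible on the run page and the PR checks tab, but does not fail the job.
    echo "::warning::Vulnerabilities reported; see the job summary"
    echo "vuln_status=findings" >> "$output"
  fi
  return 0
}

# Runs only when the workflow step sets VULN_REPORT (hypothetical variable).
if [ -n "${VULN_REPORT:-}" ]; then
  summarize_vuln_report "$VULN_REPORT"
fi
```

A later step or job can read `vuln_status` to open a tracking issue or notify maintainers, so findings stay visible without blocking PRs.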