From 696ed2387caa9ebf8bb164a2f8d9d4f453bbb5f4 Mon Sep 17 00:00:00 2001
From: Michael Long
Date: Fri, 8 Mar 2024 14:51:36 -0500
Subject: [PATCH] change output to filepath
---
 .github/workflows/archive.yml | 4 ++--
 .github/workflows/binary.yml | 6 ------
 .github/workflows/container_remote.yml | 6 ------
 .github/workflows/container_tarball.yml | 6 ------
 .github/workflows/demo.yml | 6 ------
 .github/workflows/docker_build.yml | 6 ------
 .github/workflows/repository.yml | 6 ------
 entrypoint/entrypoint/orchestrator.py | 30 ++----------------------------
 8 files changed, 4 insertions(+), 66 deletions(-)
diff --git a/.github/workflows/archive.yml b/.github/workflows/archive.yml
index c05d362..b43e8e3 100644
--- a/.github/workflows/archive.yml
+++ b/.github/workflows/archive.yml
@@ -29,10 +29,10 @@ jobs:
 output_inspector_scan_path: 'archive_scan.json'

 - name: Demonstrate SBOM Output
- run: cat archive_sbom.json
+ run: cat ${{ steps.inspector.outputs.artifact_sbom }}

 - name: Demonstrate Inspector Scan Output
- run: cat archive_scan.json
+ run: cat ${{ steps.inspector.outputs.inspector_scan_results }}

 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
diff --git a/.github/workflows/binary.yml b/.github/workflows/binary.yml
index be8d9fb..35e489a 100644
--- a/.github/workflows/binary.yml
+++ b/.github/workflows/binary.yml
@@ -28,12 +28,6 @@ jobs:
 output_sbom_path: 'sbomgen_sbom.json'
 output_inspector_scan_path: 'sbomgen_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/.github/workflows/container_remote.yml b/.github/workflows/container_remote.yml
index 29eb9b4..617264a 100644
--- a/.github/workflows/container_remote.yml
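Review bot: In the archive.yml hunk both rewritten `run:` lines splice `${{ steps.inspector.outputs.* }}` straight into the script, so the value is expanded into the script text before the shell parses it and is then passed to `cat` unquoted. The output is now a file path, presumably derived from the `output_sbom_path` / `output_inspector_scan_path` inputs; those are literals in this workflow, but a path containing spaces or shell metacharacters would break or alter the command, and a demo step is the pattern users tend to copy. Pass the value through the step environment and quote it, `env:` / `SBOM_PATH: ${{ steps.inspector.outputs.artifact_sbom }}` / `run: cat "$SBOM_PATH"`, and do the same for `inspector_scan_results`.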
+++ b/.github/workflows/container_remote.yml
@@ -40,12 +40,6 @@ jobs:
 output_sbom_path: 'alpine_sbom.json'
 output_inspector_scan_path: 'alpine_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/.github/workflows/container_tarball.yml b/.github/workflows/container_tarball.yml
index 1b2ec32..858d2dd 100644
--- a/.github/workflows/container_tarball.yml
+++ b/.github/workflows/container_tarball.yml
@@ -28,12 +28,6 @@ jobs:
 output_sbom_path: 'tarball_sbom.json'
 output_inspector_scan_path: 'tarball_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
index 011a4da..3c48174 100644
--- a/.github/workflows/demo.yml
+++ b/.github/workflows/demo.yml
@@ -28,12 +28,6 @@ jobs:
 output_sbom_path: 'sbom.json'
 output_inspector_scan_path: 'inspector_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
index 5bfe398..6cf9a47 100644
--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@@ -47,12 +47,6 @@ jobs:
 output_sbom_path: 'debug_sbom.json'
 output_inspector_scan_path: 'debug_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/.github/workflows/repository.yml b/.github/workflows/repository.yml
index e885bc1..7fcc9b7 100644
--- a/.github/workflows/repository.yml
+++ b/.github/workflows/repository.yml
@@ -28,12 +28,6 @@ jobs:
 output_sbom_path: 'repo_sbom.json'
 output_inspector_scan_path: 'repo_scan.json'

- - name: Demonstrate SBOM Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Demonstrate Inspector Scan Output
- run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
-
 - name: Upload Inspector Scan Results
 uses: actions/upload-artifact@v4
 continue-on-error: true
diff --git a/entrypoint/entrypoint/orchestrator.py b/entrypoint/entrypoint/orchestrator.py
index 779a896..f410473 100644
--- a/entrypoint/entrypoint/orchestrator.py
+++ b/entrypoint/entrypoint/orchestrator.py
@@ -30,14 +30,6 @@ def set_github_output(key, value):
 logging.info("skipping GitHub Actions outputs because we are not running in GitHub")
 return 0

- size_in_mb = (sys.getsizeof(value)) / (1024 * 1024)
- if size_in_mb > 1:
- s = f"unable to set output '{key}' because it is larger than GitHub's maximum allowed file size (1MB); actual size: {size_in_mb}"
- logging.warning(s)
- compressed_contents = zlib.compress(s.encode())
- encoded = base64.b64encode(compressed_contents).decode()
- value = encoded
-
 cmd = f'echo {key}="{value}" >> $GITHUB_OUTPUT'
 return os.system(cmd)

@@ -123,16 +115,7 @@ def invoke_sbomgen(args) -> int:
 if ret != 0:
 return ret

- # encode and compress sbom so we can set
- # contents as a GitHub Output, which has a 1MB limit
- encoded_sbom = ""
- try:
- encoded_sbom = compress_encode_file(args.out_sbom)
- except Exception as e:
- logging.error(e)
- return 1
-
- ret = set_github_output("artifact_sbom", encoded_sbom)
+ ret = set_github_output("artifact_sbom", args.out_sbom)
 if ret != 0:
 logging.error("unable to set GitHub output for 'artifact_sbom'")
 return ret
@@ -155,16 +138,7 @@ def invoke_inspector_scan(src_sbom, dst_scan):
 if ret != 0:
 return ret

- # encode and compress sbom so we can set
- # contents as a GitHub Output, which has a 1MB limit
- encoded_scan = ""
- try:
- encoded_scan = compress_encode_file(dst_scan)
- except Exception as e:
- logging.error(e)
- return 1
-
- if set_github_output("inspector_scan_results", encoded_scan) != 0:
+ if set_github_output("inspector_scan_results", dst_scan) != 0:
 logging.error("unable to set GitHub output for 'inspector_scan_results'")
 return ret
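Review bot: Passing `args.out_sbom` in the invoke_sbomgen hunk sends a caller-supplied path into `set_github_output`, which (context lines of the first hunk) formats `echo {key}="{value}" >> $GITHUB_OUTPUT` and runs it with `os.system`. The previous value came from `compress_encode_file`, presumably base64 text with no shell-significant characters; a path may contain quotes, `$` or backticks that the shell will interpret, so this change turns the helper into a command-injection sink. The `dst_scan` argument in the invoke_inspector_scan hunk has the same problem. Write the output file directly instead of shelling out, `with open(os.environ["GITHUB_OUTPUT"], "a") as f:` then `f.write(f"{key}={value}\n")`, and reject values that contain a newline. invoke_sbomgen's body starts and ends outside the hunk.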
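Review bot: A failed write of `inspector_scan_results` in the invoke_inspector_scan hunk is still reported as success: the error is logged and control reaches `return ret`, but `ret` must already be 0 to have passed the `if ret != 0: return ret` guard at the top of the hunk. Now that workflow steps read the scan file path from this output (archive.yml does `cat ${{ steps.inspector.outputs.inspector_scan_results }}`), a silent failure leaves them with an empty value. Capture the result the way the invoke_sbomgen hunk does, `ret = set_github_output("inspector_scan_results", dst_scan)` followed by `if ret != 0:`. Indentation is lost on this page and the function body extends outside the hunk, so confirm the branch structure against the file.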