[no ticket] re-order vuln scans (#3037)
### Time to review: __1 mins__

## Changes proposed

Changes the grype vuln scan that outputs to stdout to run last

## Context for reviewers

Right now, GitHub Actions expands the last failing action within a PR:

<img width="704" alt="image"
src="https://github.com/user-attachments/assets/007f1af7-8dba-404e-a185-7135d43095e7">

The UX of this is poor, because the second Anchore/grype scan action
doesn't output anything to stdout. With this change, the action that
outputs to stdout will run second, so you should get a better experience
when you click into the actions run for a failing PR.
coilysiren authored Dec 2, 2024
1 parent 56d7573 commit a2ce07d
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/vulnerability-scans.yml
Expand Up @@ -191,24 +191,25 @@ jobs:
docker load < /tmp/docker-image.tar
- name: Run Anchore vulnerability scan
if: always() # Runs even if there is a failure
uses: anchore/scan-action@v4
id: anchore-scan-json
with:
image: ${{ needs.build-and-cache.outputs.image }}
output-format: table
output-format: json
fail-build: true
severity-cutoff: medium

- name: Run Anchore vulnerability scan
if: always() # Runs even if there is a failure
uses: anchore/scan-action@v4
id: anchore-scan-json
with:
image: ${{ needs.build-and-cache.outputs.image }}
output-format: json
output-format: table
fail-build: true
severity-cutoff: medium

- name: Save output to workflow summary
- name: Print output to workflow summary
if: always() # Runs even if there is a failure
run: |
jq '.matches | map(.artifact | { name, version, location: .locations[0].path })' ${{ steps.anchore-scan-json.outputs.json }}
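Review bot: The two scan steps in this hunk keep the identical name `Run Anchore vulnerability scan`, so in the Actions UI nothing distinguishes the JSON run from the table run that is meant to be the one expanded on failure; give them distinct names, for example `Run Anchore vulnerability scan (json)` and `Run Anchore vulnerability scan (table)`. The `Print output to workflow summary` step still follows the table scan with `if: always()`, so if its `jq` call fails (for instance when `steps.anchore-scan-json.outputs.json` does not point at a usable file) it becomes the last failing step and the table output is no longer the one shown. That step also writes to the job log rather than to `$GITHUB_STEP_SUMMARY`, so the "workflow summary" in its name is still misleading. Separately, `uses: anchore/scan-action@v4` references a mutable tag; pinning it to a full commit SHA would fit a security scanning workflow better.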