Merge pull request #50 from chef/nikhil/bundle-install-grype-scan

Added config to run bundle install in grype scan if run-bundle-install is set to true

Author: nikhil2611

.github/workflows/ci-main-pull-request.yml

@@ -487,7 +487,7 @@ on:
         required: false
         type: boolean
         default: false
-      run-bundle-install: # Added to support projects without committed Gemfile.lock (e.g., chef-cli)
+      run-bundle-install:
         description: 'Run bundle install before scanning to generate Gemfile.lock at runtime'
         required: false
         type: boolean
@@ -888,6 +888,20 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Set up Ruby
+        if: ${{ inputs.language == 'ruby' && inputs.run-bundle-install == true }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4'
+          bundler-cache: false
+
+      - name: Run bundle install to generate Gemfile.lock
+        if: ${{ inputs.language == 'ruby' && inputs.run-bundle-install == true }}
+        run: |
+          echo "Generating Gemfile.lock for Grype scan..."
+          bundle install
+          echo "Gemfile.lock generated successfully"
+
       - name: Determine severity threshold
         id: severity
         run: |