I am looking at ways to fail the GitHub Actions CI build when a vulnerable NuGet package is found in any project of the solution. The repo's `deployment.yml` has the following simple command:

```yaml
# Check Vulnerable Nuget Packages
- name: Checking Vulnerable Nuget Packages
  run: dotnet list package --vulnerable --include-transitive
```
But this does not fail the build. So after some googling I found, following the article below, that the build can be made to fail when a vulnerable package is found. So I modified the yml above as follows:

```yaml
# Check Vulnerable Nuget Packages
- name: Checking Vulnerable Nuget Packages
  run: |
    dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
    echo "Analyze dotnet vulnerable nuget package command log output..."
    grep -q -i "critical\|high\|moderate\|low" build.log; [ $? -eq 0 ] && echo "Security Vulnerabilities found in Nuget Packages on the log output" && exit 1
```
Here is the log of the above command:

```text
Run dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
echo "Analyze dotnet vulnerable nuget package command log output..."
grep -q -i "critical\|high\|moderate\|low" build.log; [ $? -eq 0 ] && echo "Security Vulnerabilities found in Nuget Packages on the log output" && exit 1
shell: /usr/bin/bash -e {0}
env:
DOTNET_ROOT: /usr/share/dotnet
The following sources were used:
https://api.nuget.org/v3/index.json
The given project `Web` has no vulnerable packages given the current sources.
The given project `BaseComponents` has no vulnerable packages given the current sources.
The given project `BlazorDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedModels` has no vulnerable packages given the current sources.
The given project `OOPSDemoComponents` has no vulnerable packages given the current sources.
The given project `UITests` has no vulnerable packages given the current sources.
The given project `DependencyInjectionDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedComponents` has no vulnerable packages given the current sources.
The given project `LINQDemoComponents` has no vulnerable packages given the current sources.
The given project `DesignPatternDemoComponents` has no vulnerable packages given the current sources.
The given project `ReportDemoComponents` has no vulnerable packages given the current sources.
The given project `HTTPClientDemoComponents` has no vulnerable packages given the current sources.
The given project `MiddlewareDemoComponents` has no vulnerable packages given the current sources.
The given project `PythonDemoComponents` has no vulnerable packages given the current sources.
The given project `SOLIDDemoComponents` has no vulnerable packages given the current sources.
The given project `TDDDemoComponents` has no vulnerable packages given the current sources.
The given project `WebAPIDemoComponents` has no vulnerable packages given the current sources.
The given project `CommonComponents` has no vulnerable packages given the current sources.
Analyze dotnet vulnerable nuget package command log output...
Security Vulnerabilities found in Nuget Packages on the log output
Error: Process completed with exit code 1.
```

The log above shows that no project has any vulnerable package, but the build still fails. So I decided to print the contents of `build.log` to see what is in it. Here is the updated command:

```yaml
- name: Checking Vulnerable Nuget Packages
  run: |
    dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
    echo "printing build.log..."
    cat build.log
    echo "Analyze dotnet vulnerable nuget package command log output..."
    grep -q -i "critical\|high\|moderate\|low" build.log; [ $? -eq 0 ] && echo "Security Vulnerabilities found in Nuget Packages on the log output" && exit 1
```
Here is the output of the above command:

```text
Run dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
echo "printing build.log..."
cat build.log
echo "Analyze dotnet vulnerable nuget package command log output..."
grep -q -i "critical\|high\|moderate\|low" build.log; [ $? -eq 0 ] && echo "Security Vulnerabilities found in Nuget Packages on the log output" && exit 1
shell: /usr/bin/bash -e {0}
env:
DOTNET_ROOT: /usr/share/dotnet
The following sources were used:
https://api.nuget.org/v3/index.json
The given project `Web` has no vulnerable packages given the current sources.
The given project `BaseComponents` has no vulnerable packages given the current sources.
The given project `BlazorDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedModels` has no vulnerable packages given the current sources.
The given project `OOPSDemoComponents` has no vulnerable packages given the current sources.
The given project `UITests` has no vulnerable packages given the current sources.
The given project `DependencyInjectionDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedComponents` has no vulnerable packages given the current sources.
The given project `LINQDemoComponents` has no vulnerable packages given the current sources.
The given project `DesignPatternDemoComponents` has no vulnerable packages given the current sources.
The given project `ReportDemoComponents` has no vulnerable packages given the current sources.
The given project `HTTPClientDemoComponents` has no vulnerable packages given the current sources.
The given project `MiddlewareDemoComponents` has no vulnerable packages given the current sources.
The given project `PythonDemoComponents` has no vulnerable packages given the current sources.
The given project `SOLIDDemoComponents` has no vulnerable packages given the current sources.
The given project `TDDDemoComponents` has no vulnerable packages given the current sources.
The given project `WebAPIDemoComponents` has no vulnerable packages given the current sources.
The given project `CommonComponents` has no vulnerable packages given the current sources.
printing build.log...
The following sources were used:
https://api.nuget.org/v3/index.json
The given project `Web` has no vulnerable packages given the current sources.
The given project `BaseComponents` has no vulnerable packages given the current sources.
The given project `BlazorDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedModels` has no vulnerable packages given the current sources.
The given project `OOPSDemoComponents` has no vulnerable packages given the current sources.
The given project `UITests` has no vulnerable packages given the current sources.
The given project `DependencyInjectionDemoComponents` has no vulnerable packages given the current sources.
The given project `SharedComponents` has no vulnerable packages given the current sources.
The given project `LINQDemoComponents` has no vulnerable packages given the current sources.
The given project `DesignPatternDemoComponents` has no vulnerable packages given the current sources.
The given project `ReportDemoComponents` has no vulnerable packages given the current sources.
The given project `HTTPClientDemoComponents` has no vulnerable packages given the current sources.
The given project `MiddlewareDemoComponents` has no vulnerable packages given the current sources.
The given project `PythonDemoComponents` has no vulnerable packages given the current sources.
The given project `SOLIDDemoComponents` has no vulnerable packages given the current sources.
The given project `TDDDemoComponents` has no vulnerable packages given the current sources.
The given project `WebAPIDemoComponents` has no vulnerable packages given the current sources.
The given project `CommonComponents` has no vulnerable packages given the current sources.
Analyze dotnet vulnerable nuget package command log output...
Security Vulnerabilities found in Nuget Packages on the log output
Error: Process completed with exit code 1.
```

The build still fails. Could you help me understand what I am doing wrong in this command? Is there a problem with the grep command?
The solution using the `grep` command, i.e.

```shell
grep -q -i "critical\|high\|moderate\|low" build.log
```

scans the complete `build.log`, including:

```text
The following sources were used:
https://api.nuget.org/v3/index.json
```

and here it matches the word "low" inside "following", which is why it fails.

Apart from that, in the future a component name or a log message itself may contain one of the strings the `grep` command checks for, causing a failure.

A more robust solution is to use the JSON format.

Starting with .NET SDK 7.0.200, the `dotnet list package` subcommand provides a `--format` flag that can be used to produce JSON output.

You can check the `severity` JSON key with the `jq` command to identify vulnerabilities.

Here is an example (https://jqplay.org/s/Ym9kqW4LbCe):
```shell
dotnet list package --vulnerable --include-transitive --format=json > list.json
if jq -cre '.projects | .. | .severity? // empty' list.json; then
  echo 'Vulnerabilities found! Exiting...'
  jq . list.json
  exit 1
else
  echo 'No vulnerabilities found!'
fi
```
It returns zero if the `list.json` file has a `severity` key/value pair under `projects`.
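The following is an added example, not part of the answer above and not the `dotnet` CLI's or `jq`'s own code. It does the same job as the `jq` one-liner in plain Python so that the check can also apply a severity threshold (for instance, fail on Moderate and above) and print which package in which project triggered it, instead of only detecting that a `severity` key exists. The JSON layout it walks (`projects` -> `frameworks` -> `topLevelPackages` / `transitivePackages` -> `vulnerabilities[].severity`) is my assumption of what `dotnet list package --vulnerable --include-transitive --format=json` emits; the sample document embedded below is constructed for the demo, and its advisory URLs are placeholders.

```python
"""Fail a CI step on vulnerable NuGet packages by parsing the JSON output of
`dotnet list package --vulnerable --include-transitive --format=json`.

Added example; the JSON shape is an assumption about the SDK's output and the
embedded sample report is constructed.
"""
import json
import sys

# Severity labels as the SDK prints them (assumed), ranked so a threshold can be applied.
SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample: one project with a vulnerable top-level package and a vulnerable
# transitive package, plus one clean project. Advisory URLs are placeholders.
SAMPLE_JSON = json.dumps({
    "version": 1,
    "parameters": "--vulnerable --include-transitive",
    "sources": ["https://api.nuget.org/v3/index.json"],
    "projects": [
        {
            "path": "src/Web/Web.csproj",
            "frameworks": [{
                "framework": "net7.0",
                "topLevelPackages": [{
                    "id": "Example.TopLevel", "requestedVersion": "1.0.0", "resolvedVersion": "1.0.0",
                    "vulnerabilities": [
                        {"severity": "High", "advisoryurl": "https://example.invalid/advisory/PLACEHOLDER-1"},
                    ],
                }],
                "transitivePackages": [{
                    "id": "Example.Transitive", "resolvedVersion": "2.3.4",
                    "vulnerabilities": [
                        {"severity": "Low", "advisoryurl": "https://example.invalid/advisory/PLACEHOLDER-2"},
                    ],
                }],
            }],
        },
        {
            "path": "src/SharedModels/SharedModels.csproj",
            "frameworks": [{"framework": "net7.0", "topLevelPackages": [], "transitivePackages": []}],
        },
    ],
})


def collect_findings(report_text):
    """Return one dict per reported vulnerability, covering both top-level and
    transitive packages of every project and target framework."""
    report = json.loads(report_text)
    findings = []
    for project in report.get("projects", []):
        for fw in project.get("frameworks", []):
            for kind in ("topLevelPackages", "transitivePackages"):
                for pkg in fw.get(kind, []):
                    for vuln in pkg.get("vulnerabilities", []):
                        findings.append({
                            "project": project.get("path"),
                            "framework": fw.get("framework"),
                            "package": pkg.get("id"),
                            "version": pkg.get("resolvedVersion"),
                            "severity": vuln.get("severity", ""),
                            "advisory": vuln.get("advisoryurl"),
                        })
    return findings


def should_fail(findings, threshold="low"):
    """True if any finding is at or above the threshold severity. A label that is
    not in SEVERITY_RANK is treated as failing, so a new or unexpected label can
    never silently pass the gate."""
    floor = SEVERITY_RANK[threshold.lower()]
    return any(SEVERITY_RANK.get(f["severity"].lower(), 99) >= floor for f in findings)


def main(argv):
    # argv[1]: path to the SDK's JSON output (utf-8-sig tolerates a BOM); default: the sample.
    # argv[2]: lowest severity that fails the build; default "low" (anything fails).
    text = open(argv[1], encoding="utf-8-sig").read() if len(argv) > 1 else SAMPLE_JSON
    threshold = argv[2] if len(argv) > 2 else "low"
    findings = collect_findings(text)
    for f in findings:
        print(f"{f['severity']:<9} {f['package']}@{f['version']} "
              f"in {f['project']} ({f['framework']}) {f['advisory']}")
    if should_fail(findings, threshold):
        print(f"Security vulnerabilities at or above '{threshold}' found; failing the build.")
        return 1
    print("No vulnerabilities at or above the threshold.")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a workflow step this would be `dotnet list package --vulnerable --include-transitive --format=json > list.json` followed by `python check_vulns.py list.json moderate` (the script name is hypothetical); the non-zero exit code fails the job. Because the decision is made on parsed structure rather than on words in free-form log text, a project name such as "MiddlewareDemoComponents" or the phrase "The following sources were used" can no longer trigger a false positive.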