From 1350f291ddd63a0bb30845ab7494622b2df416d5 Mon Sep 17 00:00:00 2001
From: Elia el Lazkani
Date: Tue, 4 Jul 2023 00:10:41 +0200
Subject: [PATCH] chore(): attaching the scan to the image
---
 .drone.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 138bb33..7a30b09 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -49,8 +49,16 @@ name: scan
 steps:
 - name: trivy-scan
 image: scm.project42.io/elia/tricks:latest
+ environment:
+ REGISTRY_USERNAME:
+ from_secret: registry_username
+ REGISTRY_PASSWORD:
+ from_secret: registry_password
 commands:
- - trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
+ - trivy image --format json --output result.json --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
+ - export TIMESTAMP=$(date "+%F %T %Z")
+ - echo $TIMESTAMP
+ - oras attach --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" -a "org.opencontainers.trivy.created=$TIMESTAMP" -a "org.opencontainers.trivy.status=Passed" -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}" --artifact-type application/json "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" result.json
 depends_on:
 - build
@@ -73,7 +81,7 @@ steps:
 REGISTRY_PASSWORD:
 from_secret: registry_password
 commands:
- - oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/tricks:latest
+ - oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest
 when:
 event:
 - promote
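Review bot: In the first hunk (`@@ -49,8 +49,16 @@`), the `org.opencontainers.trivy.status=Passed` annotation on the `oras attach` line is hard-coded, and `trivy image` exits 0 by default even when it reports vulnerabilities, so every image gets a scan artifact labelled Passed whatever result.json contains. Because the report is now written with `--output result.json`, the findings also no longer appear in the step log. Either make the scan fail the step before the attach by adding `--exit-code 1` (with the severity threshold the project wants) to the `trivy image` command, or set the status annotation from trivy's exit code so that failing scans are attached as failed. Separately, the `org.opencontainers.` annotation prefix is reserved for keys defined by OCI specifications; a project-owned prefix (for example `io.project42.trivy.`, constructed here from the registry domain) avoids collisions with them.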
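Review bot: In the second hunk (`@@ -73,7 +81,7 @@`), `oras tag` receives the registry password as a `--password` argument, as does the new `oras attach` line in the first hunk, which places the secret on the process command line for the lifetime of the command; oras itself prints a warning for this usage. Passing it on stdin keeps it out of the argument list: `- printf '%s' "$REGISTRY_PASSWORD" | oras tag --username "$REGISTRY_USERNAME" --password-stdin "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest`, and the same `--password-stdin` form applies to `oras attach`. The step this command belongs to starts outside the hunk, so its name and image are not visible here.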