chore(): attaching the scan to the image
All checks were successful
continuous-integration/drone/promote/production Build is passing
continuous-integration/drone/push Build is passing

This commit is contained in:
Elia el Lazkani 2023-07-04 00:10:41 +02:00
parent 88619706c1
commit 1350f291dd

View file

@ -49,8 +49,16 @@ name: scan
steps: steps:
- name: trivy-scan - name: trivy-scan
image: scm.project42.io/elia/tricks:latest image: scm.project42.io/elia/tricks:latest
environment:
REGISTRY_USERNAME:
from_secret: registry_username
REGISTRY_PASSWORD:
from_secret: registry_password
commands: commands:
- trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}" - trivy image --format json --output result.json --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
- export TIMESTAMP=$(date "+%F %T %Z")
- echo $TIMESTAMP
- oras attach --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" -a "org.opencontainers.trivy.created=$TIMESTAMP" -a "org.opencontainers.trivy.status=Passed" -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}" --artifact-type application/json "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" result.json
depends_on: depends_on:
- build - build
@ -73,7 +81,7 @@ steps:
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry_password from_secret: registry_password
commands: commands:
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/tricks:latest - oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest
when: when:
event: event:
- promote - promote