chore(): attaching the scan to the image
This commit is contained in:
parent
88619706c1
commit
1350f291dd
1 changed files with 10 additions and 2 deletions
12
.drone.yml
12
.drone.yml
|
@ -49,8 +49,16 @@ name: scan
|
||||||
steps:
|
steps:
|
||||||
- name: trivy-scan
|
- name: trivy-scan
|
||||||
image: scm.project42.io/elia/tricks:latest
|
image: scm.project42.io/elia/tricks:latest
|
||||||
|
environment:
|
||||||
|
REGISTRY_USERNAME:
|
||||||
|
from_secret: registry_username
|
||||||
|
REGISTRY_PASSWORD:
|
||||||
|
from_secret: registry_password
|
||||||
commands:
|
commands:
|
||||||
- trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
|
- trivy image --format json --output result.json --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
|
||||||
|
- export TIMESTAMP=$(date "+%F %T %Z")
|
||||||
|
- echo $TIMESTAMP
|
||||||
|
- oras attach --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" -a "org.opencontainers.trivy.created=$TIMESTAMP" -a "org.opencontainers.trivy.status=Passed" -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}" --artifact-type application/json "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" result.json
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- build
|
- build
|
||||||
|
@ -73,7 +81,7 @@ steps:
|
||||||
REGISTRY_PASSWORD:
|
REGISTRY_PASSWORD:
|
||||||
from_secret: registry_password
|
from_secret: registry_password
|
||||||
commands:
|
commands:
|
||||||
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/tricks:latest
|
- oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
|
|
Loading…
Reference in a new issue