chore(): Promote image to post scran after successful scan
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
a481e99ac3
commit
67cdb1288e
1 changed files with 15 additions and 3 deletions
18
.drone.yml
18
.drone.yml
|
|
@ -22,10 +22,22 @@ steps:
|
||||||
|
|
||||||
- name: trivy-scan
|
- name: trivy-scan
|
||||||
image: scm.project42.io/elia/trivy:production
|
image: scm.project42.io/elia/trivy:production
|
||||||
privileged: true
|
|
||||||
commands:
|
commands:
|
||||||
- /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:pre-scan
|
- /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:"${DRONE_COMMIT_SHA:0:8}"
|
||||||
failure: ignore
|
depends_on:
|
||||||
|
- test-build-container
|
||||||
|
|
||||||
|
- name: retag-container
|
||||||
|
image: ghcr.io/oras-project/oras:v1.0.0
|
||||||
|
environment:
|
||||||
|
REGISTRY_USERNAME:
|
||||||
|
from_secret: registry_username
|
||||||
|
REGISTRY_PASSWORD:
|
||||||
|
from_secret: registry_password
|
||||||
|
commands:
|
||||||
|
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/trivy:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/trivy:post-scan
|
||||||
|
depends_on:
|
||||||
|
- trivy-scan
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
exclude:
|
exclude:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue