chore(): Revising pipeline for promotion
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/promote/production Build is passing

This commit is contained in:
Elia el Lazkani 2023-07-04 18:35:12 +02:00
parent 1350f291dd
commit 8be346259b
2 changed files with 27 additions and 0 deletions

View file

@ -36,6 +36,10 @@ steps:
- "${DRONE_COMMIT_SHA:0:8}" - "${DRONE_COMMIT_SHA:0:8}"
depends_on: depends_on:
- test-build-container - test-build-container
when:
event:
exclude:
- promote
trigger: trigger:
exclude: exclude:
@ -55,10 +59,15 @@ steps:
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry_password from_secret: registry_password
commands: commands:
- trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
- trivy image --format json --output result.json --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}" - trivy image --format json --output result.json --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
- export TIMESTAMP=$(date "+%F %T %Z") - export TIMESTAMP=$(date "+%F %T %Z")
- echo $TIMESTAMP - echo $TIMESTAMP
- oras attach --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" -a "org.opencontainers.trivy.created=$TIMESTAMP" -a "org.opencontainers.trivy.status=Passed" -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}" --artifact-type application/json "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" result.json - oras attach --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" -a "org.opencontainers.trivy.created=$TIMESTAMP" -a "org.opencontainers.trivy.status=Passed" -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}" --artifact-type application/json "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" result.json
when:
event:
exclude:
- promote
depends_on: depends_on:
- build - build
@ -81,6 +90,7 @@ steps:
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry_password from_secret: registry_password
commands: commands:
- scripts/get-scan-report.sh "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}"
- oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest - oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" latest
when: when:
event: event:

17
scripts/get-scan-report.sh Executable file
View file

@ -0,0 +1,17 @@
#!/bin/sh
set -e
image=$@
image_information=$(oras discover --artifact-type application/json "$image")
#printf "$image_information\n"
printf "Found image $image...\n"
report_digest=$(echo "$image_information" | tail -n1 | awk -F ' ' '{print $2}')
#printf "$report_digest\n"
printf "Found digests for scan report...\n"
image_base=$(echo "$image" | awk -F ':' '{print $1}')
printf "Pulling $image_base:@$report_digest...\n"
oras pull "$image_base:@$report_digest"