elia/tricks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity

chore(): Migrates trivy to remote mode
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Elia el Lazkani 2023-07-03 20:41:23 +02:00
parent c594440ac9
commit a481e99ac3
2 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.drone.yml
View file

@ -13,9 +13,8 @@ steps:
password: password:
from_secret: registry_password from_secret: registry_password
repo: scm.project42.io/elia/trivy repo: scm.project42.io/elia/trivy
dry_run: true dry_run: false
squash: true squash: true
purge: false
compress: true compress: true
tags: tags:
- pre-scan - pre-scan
@ -25,8 +24,7 @@ steps:
image: scm.project42.io/elia/trivy:production image: scm.project42.io/elia/trivy:production
privileged: true privileged: true
commands: commands:
- /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock - /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:pre-scan
- /usr/local/bin/dockerd-entrypoint.sh /usr/local/bin/trivy image scm.project42.io/elia/trivy:pre-scan
failure: ignore failure: ignore
trigger: trigger:
@ -51,6 +49,7 @@ steps:
repo: scm.project42.io/elia/trivy repo: scm.project42.io/elia/trivy
dry_run: false dry_run: false
squash: true squash: true
compress: true
tags: tags:
- production - production
- "${DRONE_COMMIT_SHA:0:8}" - "${DRONE_COMMIT_SHA:0:8}"

5
Dockerfile
View file

@ -1,8 +1,7 @@
FROM docker:dind FROM alpine
MAINTAINER Elia El Lazkani <git@lazkani.io> MAINTAINER Elia El Lazkani <git@lazkani.io>
ARG ORAS_VERSION="1.0.0" ARG ORAS_VERSION="1.0.0"
ENV DOCKER_HOST=unix:///var/run/docker.sock
RUN apk add --virtual .build-deps curl && \ RUN apk add --virtual .build-deps curl && \
export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
@ -14,4 +13,4 @@ RUN apk add --virtual .build-deps curl && \
ln -s /opt/trivy/trivy /usr/local/bin/trivy && \ ln -s /opt/trivy/trivy /usr/local/bin/trivy && \
apk del .build-deps apk del .build-deps
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/usr/local/bin/trivy"] ENTRYPOINT ["/usr/local/bin/trivy"]