
Commit b7f96f6

ci/fly-login
initial commit
1 parent 1b75a78 commit b7f96f6

1 file changed

Lines changed: 36 additions & 40 deletions


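--- a/pipeline.yml
+++ b/pipeline.yml
@@ -99,49 +99,53 @@ jobs:
 ccr-cf-cli-version: 8
 
 - name: scan-image
+serial: true
 plan:
 - in_parallel:
 - get: cf-cli-resource
-passed: [test-cf-cli-v6, test-cf-cli-v7, test-cf-cli-v8]
 - get: resource-image-dev
-resource: resource-image-dev
 passed: [test-cf-cli-v6, test-cf-cli-v7, test-cf-cli-v8]
 params: {format: oci}
 trigger: true
 - get: trivy
 trigger: true
-- get: trivy-db
-trigger: true
-params:
-globs:
-- trivy-offline.db.tgz
-- task: scan
+- task: extract-trivy-db
+file: cf-cli-resource/ci/tasks/extract-trivy-db.yml
+image: trivy
+- task: scan-image
+file: cf-cli-resource/ci/tasks/scan-image.yml
 image: trivy
-config:
-platform: linux
-inputs:
-- name: cf-cli-resource
-- name: resource-image-dev
-path: image
-- name: trivy-db
-run:
-path: sh
-args:
-- -c
-- |
-mkdir db
-tar -xzf trivy-db/trivy-offline.db.tgz -C ./db
+input_mapping:
+image: resource-image-dev
+params:
+IGNORE_POLICY_FILE: cf-cli-resource/ci/trivy-ignore.rego
+# - task: scan
+# image: trivy
+# config:
+# platform: linux
+# inputs:
+# - name: cf-cli-resource
+# - name: resource-image-dev
+# path: image
+# - name: trivy-db
+# run:
+# path: sh
+# args:
+# - -c
+# - |
+# mkdir db
+# tar -xzf trivy-db/trivy-offline.db.tgz -C ./db
 
-trivy \
---cache-dir $(pwd) \
-image \
---severity "HIGH,CRITICAL" \
---ignore-unfixed \
---exit-code 1 \
---input image/image.tar \
---skip-files opt/cf-cli-7.5.0/cf7 \
---skip-files opt/cf-cli-8.4.0/cf8 \
---skip-files /usr/local/bin/yq
+# trivy \
+# --cache-dir $(pwd) \
+# image \
+# --severity "HIGH,CRITICAL" \
+# --ignore-unfixed \
+# --exit-code 1 \
+# --input image/image.tar \
+# --skip-files opt/cf-cli-7.5.0/cf7 \
+# --skip-files opt/cf-cli-8.4.0/cf8 \
+# --skip-files /usr/local/bin/yq
 
 - name: shipit
 public: true
@@ -337,14 +341,6 @@ resources:
 username: ((docker.username))
 password: ((docker.password))
 
-- name: trivy-db
-type: github-release
-icon: database
-source:
-owner: aquasecurity
-repository: trivy-db
-access_token: ((github_access_token))
-
 - name: github-release
 type: github-release
 icon: package-variant-closed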
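Review bot: The `get: cf-cli-resource` step in `scan-image` loses its `passed: [test-cf-cli-v6, test-cf-cli-v7, test-cf-cli-v8]` constraint in the same change that starts reading the scan task (`cf-cli-resource/ci/tasks/scan-image.yml`) and the ignore policy (`cf-cli-resource/ci/trivy-ignore.rego`) from that input. The image is still constrained to versions that passed the test jobs, but the task definition and ignore policy are now presumably taken from the latest version of the repository, which need not be the commit the image was built from. If that is not intended, restore the `passed:` line under `get: cf-cli-resource` so that the gate and the artifact it judges come from the same tested build. The `--severity "HIGH,CRITICAL"`, `--ignore-unfixed` and `--exit-code 1` flags that made this job a gate now live in task files not shown in this diff, so confirm they were carried over. The commented-out copy of the old task is better deleted than kept in the pipeline, since version control already preserves it.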
