mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-06 17:46:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

update trivy workflow

Browse Source
This commit is contained in:
Raffaele Di Fazio 2021-11-07 13:00:57 +01:00 committed by GitHub
parent c9e0c919a1
commit 56ea6f5dc9
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/trivy.yml vendored
View File

@ -10,18 +10,10 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Build an image from Dockerfile - name: Build an image from Dockerfile
run: | run: |
make build.docker make build.docker
- name: Run trivy
- uses: cachix/install-nix-action@v13 run: |
with: ./scripts/run-trivy.sh
nix_path: nixpkgs=channel:nixos-unstable
- uses: workflow/nix-shell-action@v1
with:
packages: trivy
script: |
make build.docker
./scripts/run-trivy.sh

10
scripts/run-trivy.sh
View File

@ -1,3 +1,11 @@
#! /bin/bash #! /bin/bash
set -e
trivy image --exit-code 1 us.gcr.io/k8s-artifacts-prod/external-dns/external-dns:$(git describe --tags --always --dirty) # install trivy
curl -LO https://github.com/aquasecurity/trivy/releases/download/v0.20.2/trivy_0.20.2_Linux-64bit.tar.gz
echo "38a6de48e21a34e0fa0d2cf63439c0afcbbae0e78fb3feada7a84a9cf6e7f60c trivy_0.20.2_Linux-64bit.tar.gz" | sha256sum -c
tar -xvf trivy_0.20.2_Linux-64bit.tar.gz
chmod +x trivy
# run trivy
./trivy image --exit-code 1 us.gcr.io/k8s-artifacts-prod/external-dns/external-dns:$(git describe --tags --always --dirty)