Tag PR image build as latest before scanning

This is less effort than passing the tag across steps 🤷‍♂️

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 378edb939d)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
pull/10873/head
Brad Davidson 3 months ago committed by Brad Davidson
parent ebc4e505ea
commit c0877f34b6

@ -27,11 +27,12 @@ jobs:
run: | run: |
make local make local
make package-image make package-image
make tag-image-latest
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0 uses: aquasecurity/trivy-action@0.24.0
with: with:
image-ref: 'rancher/k3s' image-ref: 'rancher/k3s:latest'
format: 'table' format: 'table'
severity: "HIGH,CRITICAL" severity: "HIGH,CRITICAL"
output: "trivy-report.txt" output: "trivy-report.txt"
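Review bot: The new `image-ref: 'rancher/k3s:latest'` names a tag that also exists in the public registry, so the scan covers the PR build only while the local tag from `make tag-image-latest` is actually present. Trivy can fall back to a remote registry when it does not find the image in a local runtime, so if the tagging step is ever reordered or dropped, this job would presumably scan the published image and pass without having looked at the PR artifact. A tag that cannot exist upstream (for example a constructed name such as `rancher/k3s:pr-scan`) would turn that case into a hard failure; restricting Trivy to the local daemon through its `--image-src` setting is another option if this action version exposes it. A comment above the step such as `# scans the locally built image tagged by make tag-image-latest, not the registry copy` would record the intent.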

@ -0,0 +1,15 @@
#!/bin/bash
set -e
cd $(dirname $0)/..
. ./scripts/version.sh
TAG=${TAG:-${VERSION_TAG}${SUFFIX}}
REPO=${REPO:-rancher}
IMAGE_NAME=${IMAGE_NAME:-k3s}
IMAGE=${REPO}/${IMAGE_NAME}:${TAG}
LATEST=${REPO}/${IMAGE_NAME}:latest
docker image tag ${IMAGE} ${LATEST}
echo Tagged ${IMAGE} as ${LATEST}
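Review bot: The expansions in `cd $(dirname $0)/..` and `docker image tag ${IMAGE} ${LATEST}` are unquoted, while `REPO`, `IMAGE_NAME` and `TAG` can all be supplied from the environment, so a value with whitespace or glob characters is word-split before docker sees it. Quoting closes that: `cd "$(dirname "$0")/.."` and `docker image tag "${IMAGE}" "${LATEST}"`. With only `set -e`, an unset `VERSION_TAG` yields an empty tag and the failure surfaces as a docker reference error; `set -eu` or `: "${TAG:?}"` would fail earlier with a clearer message. The script also lacks a header comment; one line stating that it re-points the local `:latest` tag at the freshly built image, replacing any existing local `latest`, would make the side effect clear to anyone running `make tag-image-latest` on a workstation.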