
Commit a9c61d1

fixed authentication to the repo for a trivy job (#57)
1 parent 953da6e commit a9c61d1


2 files changed

+9
-14
lines changed


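--- a/.gflows/libs/job_scan_image.lib.yml
+++ b/.gflows/libs/job_scan_image.lib.yml
@@ -2,7 +2,6 @@
 #@ load("@ytt:struct", "struct")
 #@ load("tagging.lib.yml", "tagging")
 #@ load("job_docker_publish_alicloud.lib.yml", "get_docker_publish_alicloud_job_ids")
-#@ load("steps.lib.yml", "steps")
 
 ---
 #@ def generate_scan_image_job(image_name, services, registry):
@@ -15,13 +14,15 @@
 - #@ alicloud_job_id
 #@ end
 steps:
-- #@ steps.login_docker(registry)
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: #@ "{}/{}:{}".format(registry.url, image_name, "${{ needs.version.outputs.app_version }}")
 format: 'table'
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
+env:
+TRIVY_USERNAME: #@ getattr(registry, "user", "${{ github.repository_owner }}")
+TRIVY_PASSWORD: #@ getattr(registry, "password","${{ secrets.GITHUB_TOKEN }}")
 #@ end
 ---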
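Review bot: The fallback in `TRIVY_PASSWORD: #@ getattr(registry, "password","${{ secrets.GITHUB_TOKEN }}")` hands the workflow's GITHUB_TOKEN to whatever host `registry.url` names whenever the registry struct has no `password` attribute. Trivy presents TRIVY_USERNAME/TRIVY_PASSWORD to the registry named in `image-ref`, so a non-GitHub registry entry that lacks credentials would be sent the token rather than failing the render. The `registry` struct is defined outside this section, so whether such an entry can exist is not visible here. If it can, either drop the default so a missing credential fails at template time (`TRIVY_PASSWORD: #@ registry.password`) or apply the GitHub defaults only when `registry.url` is ghcr.io. The body of `generate_scan_image_job` starts above the second hunk, so any `permissions:` the job sets for the token cannot be checked from here.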

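--- a/github-sample/workflows/build-publish.yml
+++ b/github-sample/workflows/build-publish.yml
@@ -1245,19 +1245,16 @@ jobs:
 - docker-publish-alicloud-auth-service
 - docker-publish-alicloud-auth-predeployment
 steps:
-- name: Login to AliCloud Container Registry
-uses: docker/login-action@v2
-with:
-registry: registry-intl.cn-hongkong.aliyuncs.com
-username: ${{ secrets.ALI_CONTAINER_REGISTRY_USER }}
-password: ${{ secrets.ALI_CONTAINER_REGISTRY_PASSWORD }}
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: registry-intl.cn-hongkong.aliyuncs.com/covergo/auth:${{ needs.version.outputs.app_version }}
 format: table
 vuln-type: os,library
 severity: CRITICAL,HIGH
+env:
+TRIVY_USERNAME: ${{ secrets.ALI_CONTAINER_REGISTRY_USER }}
+TRIVY_PASSWORD: ${{ secrets.ALI_CONTAINER_REGISTRY_PASSWORD }}
 scan-image-auth-predeployment:
 name: Trivy scan
 runs-on: ubuntu-latest
@@ -1267,19 +1264,16 @@ jobs:
 - docker-publish-alicloud-auth-service
 - docker-publish-alicloud-auth-predeployment
 steps:
-- name: Login to AliCloud Container Registry
-uses: docker/login-action@v2
-with:
-registry: registry-intl.cn-hongkong.aliyuncs.com
-username: ${{ secrets.ALI_CONTAINER_REGISTRY_USER }}
-password: ${{ secrets.ALI_CONTAINER_REGISTRY_PASSWORD }}
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: registry-intl.cn-hongkong.aliyuncs.com/covergo/auth-predeployment:${{ needs.version.outputs.app_version }}
 format: table
 vuln-type: os,library
 severity: CRITICAL,HIGH
+env:
+TRIVY_USERNAME: ${{ secrets.ALI_CONTAINER_REGISTRY_USER }}
+TRIVY_PASSWORD: ${{ secrets.ALI_CONTAINER_REGISTRY_PASSWORD }}
 deploy-tenant-tahoe:
 if: ${{ needs.version.outputs.is_production == 'true' }}
 runs-on: self-hosted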
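Review bot: The step that now receives `TRIVY_USERNAME`/`TRIVY_PASSWORD` from the AliCloud registry secrets is still referenced as `uses: aquasecurity/trivy-action@master`, a mutable branch ref, so whatever that branch points to at run time executes with those credentials in its environment. Pin the action to a full commit SHA in both hunks of this file, for example `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The same ref appears in `.gflows/libs/job_scan_image.lib.yml`; if this workflow is generated from that template, the pin belongs there. Both job definitions begin above their hunks, so any job-level `permissions:` setting cannot be checked from here.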
