jcoakley/dev1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pipline rewrite v4

Browse Source
This commit is contained in:
Josh 2025-08-08 13:26:13 +00:00
parent 16b458a249
commit 315dd6bca7
1 changed files with 4 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.woodpecker.yml
View File

@ -11,20 +11,15 @@ steps:
- -c - -c
- | - |
set -euo pipefail set -euo pipefail
# Get the image tag from the same secret you already use
IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev) IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)
REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
# Install Trivy (keeps your flow, no extra images)
apt-get update -qq apt-get update -qq
apt-get install -y -qq gnupg apt-transport-https curl apt-get install -y -qq gnupg apt-transport-https curl ca-certificates docker.io
curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key \
| gpg --dearmor -o /usr/share/keyrings/trivy.gpg curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb stable main" \
> /etc/apt/sources.list.d/trivy.list
apt-get update -qq && apt-get install -y -qq trivy
# Auth to Artifact Registry so Trivy can pull manifests
gcloud auth configure-docker us-central1-docker.pkg.dev -q gcloud auth configure-docker us-central1-docker.pkg.dev -q
trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG