pipline rewrite v4

2025-08-08 13:26:13 +00:00 · 2025-08-08 13:26:13 +00:00 · 315dd6bca7
commit 315dd6bca7
parent 16b458a249
1 changed files with 4 additions and 9 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -11,20 +11,15 @@ steps:
      - -c
      - |
        set -euo pipefail
-        # Get the image tag from the same secret you already use
+
        IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)
        REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo

-        # Install Trivy (keeps your flow, no extra images)
        apt-get update -qq
-        apt-get install -y -qq gnupg apt-transport-https curl
-        curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key \
-          | gpg --dearmor -o /usr/share/keyrings/trivy.gpg
-        echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb stable main" \
-          > /etc/apt/sources.list.d/trivy.list
-        apt-get update -qq && apt-get install -y -qq trivy
+        apt-get install -y -qq gnupg apt-transport-https curl ca-certificates docker.io
+
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash

-        # Auth to Artifact Registry so Trivy can pull manifests
        gcloud auth configure-docker us-central1-docker.pkg.dev -q

        trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG