From 64fab06e8a8a5f0893e44069e563ed517b758263 Mon Sep 17 00:00:00 2001
From: Josh
Date: Fri, 8 Aug 2025 13:29:05 +0000
Subject: [PATCH] pipeline rewrite v5
---
 .woodpecker.yml | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 09e2a51..0d87cbd 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -11,21 +11,24 @@ steps:
 - -c
 - |
 set -euo pipefail
-
 IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)
 REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
- apt-get update -qq
- apt-get install -y -qq gnupg apt-transport-https curl ca-certificates docker.io
+ # Fetch Trivy standalone binary (no apt, no docker required)
+ TRIVY_VERSION=0.52.0
+ curl -fsSL -o /tmp/trivy.tgz \
+ "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+ tar -xzf /tmp/trivy.tgz -C /usr/local/bin trivy
+ chmod +x /usr/local/bin/trivy
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash
+ # Auth to Artifact Registry for Trivy's registry client
+ export TRIVY_USERNAME=oauth2accesstoken
+ export TRIVY_PASSWORD="$(gcloud auth print-access-token)"
- gcloud auth configure-docker us-central1-docker.pkg.dev -q
-
- trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG
- trivy image --exit-code 1 --severity CRITICAL $REG/server2:$IMG_TAG
- trivy image --exit-code 1 --severity CRITICAL $REG/server3:$IMG_TAG
- trivy image --exit-code 1 --severity CRITICAL $REG/nginx:$IMG_TAG
+ trivy image --exit-code 1 --severity CRITICAL "$REG/server1:$IMG_TAG"
+ trivy image --exit-code 1 --severity CRITICAL "$REG/server2:$IMG_TAG"
+ trivy image --exit-code 1 --severity CRITICAL "$REG/server3:$IMG_TAG"
+ trivy image --exit-code 1 --severity CRITICAL "$REG/nginx:$IMG_TAG"
 - name: staging-deploy
 image: google/cloud-sdk:latest
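Review bot: The Trivy tarball fetched with `curl -fsSL -o /tmp/trivy.tgz` is unpacked into `/usr/local/bin` and executed with no integrity check, in the same step that then exports a registry access token, so a replaced or tampered release asset would run with that token in its environment. Pinning `TRIVY_VERSION` is better than piping `install.sh` from `main`, but a version tag fixes a name rather than the bytes. Record the expected digest beside the version and verify before `tar`, for example `TRIVY_SHA256=<sha256 of the pinned Linux-64bit tarball>` followed by `echo "${TRIVY_SHA256}  /tmp/trivy.tgz" | sha256sum -c -`. Separately, `export TRIVY_PASSWORD="$(gcloud auth print-access-token)"` hides a gcloud failure from `set -e`; assign the variable first and put `export TRIVY_PASSWORD` on its own line so the step stops at the real cause instead of at a later registry auth error.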