From ad31a9ca2707b0fcabfe70d1a8c64a4643a86377 Mon Sep 17 00:00:00 2001
From: Josh
Date: Fri, 8 Aug 2025 13:30:48 +0000
Subject: [PATCH] pipeline rewrite v6
---
 .woodpecker.yml | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 0d87cbd..bc158c9 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -14,21 +14,19 @@ steps:
 IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)
 REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
- # Fetch Trivy standalone binary (no apt, no docker required)
- TRIVY_VERSION=0.52.0
- curl -fsSL -o /tmp/trivy.tgz \
- "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
- tar -xzf /tmp/trivy.tgz -C /usr/local/bin trivy
- chmod +x /usr/local/bin/trivy
+ apt-get update -qq
+ apt-get install -y -qq gnupg apt-transport-https curl ca-certificates docker.io
- # Auth to Artifact Registry for Trivy's registry client
- export TRIVY_USERNAME=oauth2accesstoken
- export TRIVY_PASSWORD="$(gcloud auth print-access-token)"
+ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash
+ export PATH="$PATH:$(pwd)/bin"
+
+ gcloud auth configure-docker us-central1-docker.pkg.dev -q
+
+ trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG
+ trivy image --exit-code 1 --severity CRITICAL $REG/server2:$IMG_TAG
+ trivy image --exit-code 1 --severity CRITICAL $REG/server3:$IMG_TAG
+ trivy image --exit-code 1 --severity CRITICAL $REG/nginx:$IMG_TAG
- trivy image --exit-code 1 --severity CRITICAL "$REG/server1:$IMG_TAG"
- trivy image --exit-code 1 --severity CRITICAL "$REG/server2:$IMG_TAG"
- trivy image --exit-code 1 --severity CRITICAL "$REG/server3:$IMG_TAG"
- trivy image --exit-code 1 --severity CRITICAL "$REG/nginx:$IMG_TAG"
 - name: staging-deploy
 image: google/cloud-sdk:latest
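Review bot: The added `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash` line executes whatever is on the `main` branch at build time inside a step that already uses gcloud credentials, and it drops the version pin the removed lines had (`TRIVY_VERSION=0.52.0`), so neither the installer nor the scanner it installs is reproducible or reviewable. Pin both, e.g. `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/<PINNED_COMMIT>/contrib/install.sh | sh -s -- -b /usr/local/bin v0.52.0`, or keep the release-tarball download and verify it against the release's published checksums file before extracting. The four new `trivy image` lines also lose the quoting around the image reference; since `IMG_TAG` is read from Secret Manager, keep `"$REG/server1:$IMG_TAG"` (and likewise for server2, server3 and nginx) so an unexpected value cannot word-split into extra arguments. The step's command list begins above this hunk, so whether a Docker daemon is actually reachable for the new `docker.io` / `gcloud auth configure-docker` path cannot be confirmed from here.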