pipeline rewrite v6

.woodpecker.yml

@@ -14,21 +14,19 @@ steps:
         IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)
         REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
 
-        # Fetch Trivy standalone binary (no apt, no docker required)
+        apt-get update -qq
-        TRIVY_VERSION=0.52.0
+        apt-get install -y -qq gnupg apt-transport-https curl ca-certificates docker.io
-        curl -fsSL -o /tmp/trivy.tgz \
-          "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
-        tar -xzf /tmp/trivy.tgz -C /usr/local/bin trivy
-        chmod +x /usr/local/bin/trivy
 
-        # Auth to Artifact Registry for Trivy's registry client
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | bash
-        export TRIVY_USERNAME=oauth2accesstoken
+        export PATH="$PATH:$(pwd)/bin"
-        export TRIVY_PASSWORD="$(gcloud auth print-access-token)"
+
+        gcloud auth configure-docker us-central1-docker.pkg.dev -q
+
+        trivy image --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG
+        trivy image --exit-code 1 --severity CRITICAL $REG/server2:$IMG_TAG
+        trivy image --exit-code 1 --severity CRITICAL $REG/server3:$IMG_TAG
+        trivy image --exit-code 1 --severity CRITICAL $REG/nginx:$IMG_TAG
 
-        trivy image --exit-code 1 --severity CRITICAL "$REG/server1:$IMG_TAG"
-        trivy image --exit-code 1 --severity CRITICAL "$REG/server2:$IMG_TAG"
-        trivy image --exit-code 1 --severity CRITICAL "$REG/server3:$IMG_TAG"
-        trivy image --exit-code 1 --severity CRITICAL "$REG/nginx:$IMG_TAG"
 
   - name: staging-deploy
     image: google/cloud-sdk:latest