feat(docs): re-enable container security scanning

This commit is contained in:
Kjeld Schouten-Lebbing
2022-12-23 17:16:09 +01:00
parent 4536b6a821
commit 7e005f58ab

View File

@@ -52,6 +52,14 @@ jobs:
shell: bash
run: |
#!/bin/bash
render(){
local chart="$1"
local chartname="$2"
local train="$3"
echo "Rendering helm-template for ${chartname}"
mkdir -p ${chart}/render
helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
}
helm_sec_scan() {
local chart="$1"
local chartname="$2"
@@ -65,15 +73,14 @@ jobs:
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
trivy config -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
rm -rf ${chart}/render
}
container_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
echo "Scanning container security for ${chartname}"
mkdir -p ${chart}/render
echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
@@ -89,23 +96,25 @@ jobs:
ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g")
trivy image -f template --template "@./templates/trivy-container.tpl" ${ghcrcont} >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
done
done
}
cleanfiles() {
local chart="$1"
local chartname="$2"
local train="$3"
echo "sanitising website output for ${chartname}..."
rm -rf ${chart}/render
sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/helm-security.md
#sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/helm-security.md
#sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
}
for train in enterprise stable incubator dependency; do
echo "Processing Charts for Train: ${train}..."
for chart in $(ls "charts/${train}"); do
render "charts/${train}/${chart}" ${chart} ${train}
helm_sec_scan "charts/${train}/${chart}" ${chart} ${train}
# container_sec_scan "charts/${train}/${chart}" ${chart} ${train}
container_sec_scan "charts/${train}/${chart}" ${chart} ${train}
cleanfiles "charts/${train}/${chart}" ${chart} ${train}
done
done