feat(docs): re-enable container security scanning
21
.github/workflows/secgen.yaml
21
.github/workflows/secgen.yaml
@@ -52,6 +52,14 @@ jobs:
|
||||
shell: bash
|
||||
run: |
|
||||
#!/bin/bash
|
||||
render(){
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
echo "Rendering helm-template for ${chartname}"
|
||||
mkdir -p ${chart}/render
|
||||
helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
|
||||
}
|
||||
helm_sec_scan() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
@@ -65,15 +73,14 @@ jobs:
|
||||
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
|
||||
echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
|
||||
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
|
||||
helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
|
||||
trivy config -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
|
||||
rm -rf ${chart}/render
|
||||
}
|
||||
container_sec_scan() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
echo "Scanning container security for ${chartname}"
|
||||
mkdir -p ${chart}/render
|
||||
echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
|
||||
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
|
||||
echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
|
||||
@@ -89,23 +96,25 @@ jobs:
|
||||
ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g")
|
||||
trivy image -f template --template "@./templates/trivy-container.tpl" ${ghcrcont} >> website/docs/charts/${train}/${chartname}/container-security.md
|
||||
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
|
||||
done
|
||||
done
|
||||
}
|
||||
cleanfiles() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
echo "sanitising website output for ${chartname}..."
|
||||
rm -rf ${chart}/render
|
||||
sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/helm-security.md
|
||||
#sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
|
||||
sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
|
||||
sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/helm-security.md
|
||||
#sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
|
||||
sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
|
||||
}
|
||||
for train in enterprise stable incubator dependency; do
|
||||
echo "Processing Charts for Train: ${train}..."
|
||||
for chart in $(ls "charts/${train}"); do
|
||||
render "charts/${train}/${chart}" ${chart} ${train}
|
||||
helm_sec_scan "charts/${train}/${chart}" ${chart} ${train}
|
||||
# container_sec_scan "charts/${train}/${chart}" ${chart} ${train}
|
||||
container_sec_scan "charts/${train}/${chart}" ${chart} ${train}
|
||||
cleanfiles "charts/${train}/${chart}" ${chart} ${train}
|
||||
done
|
||||
done
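Review bot: The two sanitising lines enabled in cleanfiles target `website/docs/charts/${train}/${chartname}/container_sec_scan.md`, but container_sec_scan writes its output to `.../container-security.md` (the `# Container Security`, `##### Detected Containers` and `trivy image` redirects all use that name), so the `<br>`/`<hr>` rewrite never touches the real report and `sed -i` on the missing file will exit non-zero, which with `shell: bash` is run under `-e` and can abort the step. Change both to `sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container-security.md` and `sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container-security.md`. For the same reason the `trivy image ... ${ghcrcont}` line has no failure fallback while the `trivy config` line in helm_sec_scan has `|| echo "trivy scan failed..."`; a single unpullable image would stop the whole train loop, so give it the same fallback. The expansions `${chart}`, `${chartname}` and `${ghcrcont}` are unquoted throughout and `for chart in $(ls ...)` word-splits chart names; quoting them and using a glob would keep a chart directory with unusual characters from breaking the paths. container_sec_scan's opening (and its loop header) lies in the previous hunk, outside this one.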
|
||||
|
||||