feat(STONEINTG-1072): refactoring clamav-db to avoild uploading file

Signed-off-by: Kasem Alem <kalem@kalem-thinkpadp16vgen1.raanaii.csb>
konflux-ci · Nov 26, 2024 · b98a7ce · b98a7ce
1 parent 64627f9
commit b98a7ce
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 4 deletions.
diff --git a/.github/workflows/clam-db.yaml b/.github/workflows/clam-db.yaml
@@ -54,7 +54,7 @@ jobs:
           image: ${{ env.IMAGE_NAME }}
           tags: ${{ env.NEW_TAG}} ${{ env.VERSION_MAJOR }} ${{ env.LATEST_TAG }}
           archs: amd64,ppc64le
-          context: clamav/
+          context: .
           containerfiles: |
             ./clamav/Dockerfile
 

diff --git a/clamav/Dockerfile b/clamav/Dockerfile
@@ -1,9 +1,34 @@
 FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542
+FROM quay.io/enterprise-contract/ec-cli:snapshot@sha256:dc7d404596385e7d3c624ec0492524a1d57efe2b0c10cf0ec2158d49c0290a83 AS ec-cli
+
+ENV POLICY_PATH="/project"
+# Install required packages
 RUN rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
     microdnf -y --setopt=tsflags=nodocs install \
     clamav \
     clamd \
-    clamav-update && \
-    microdnf clean all
-COPY whitelist.ign2 /var/lib/clamav/whitelist.ign2
+    clamav-update \
+    jq \
+    tar \
+    skopeo \
+    && microdnf clean all
+
+COPY ./test/utils.sh /utils.sh
+
+
+# Update ClamAV virus definitions
 RUN freshclam
+
+COPY clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
+
+COPY policies $POLICY_PATH
+COPY test/conftest.sh $POLICY_PATH
+
+# Download and install oc
+RUN ARCH="$(uname -m)" && \
+    curl -fsSL https://mirror.openshift.com/pub/openshift-v4/"$ARCH"/clients/ocp/stable/openshift-client-linux.tar.gz --output oc.tar.gz && \
+    cp oc.tar.gz /usr/bin/oc && \
+    tar -xzvf oc.tar.gz -C /usr/bin && \
+    rm oc.tar.gz
+
+ENTRYPOINT ["/usr/bin/clamscan"]