Comment out vurneability-scan
igor.grzankowski committed Jan 14, 2025
1 parent 07bcdff commit aff7344
Showing 1 changed file with 53 additions and 53 deletions.
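--- a/.github/workflows/distroless-build-test-push-workflow.yml
+++ b/.github/workflows/distroless-build-test-push-workflow.yml
@@ -107,60 +107,60 @@ jobs:
 env:
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-vulnerability-scan:
-permissions:
-actions: read
-contents: read
-security-events: write
-runs-on: ubuntu-latest
-needs: build-operator-image-distroless
-env:
-SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
-SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
-ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
-S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}-distroless
-steps:
-- name: Set up cosign
-uses: sigstore/cosign-installer@main
-- uses: actions/checkout@v2
-- name: Dotenv Action
-id: dotenv
-uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v2.5.0
-- name: Configure AWS credentials
-uses: aws-actions/configure-aws-credentials@v1
-with:
-aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-
-- name: Login to Amazon ECR
-uses: aws-actions/amazon-ecr-login@v1
-- name: Pull Splunk Operator Image Locally
-run: |
-docker pull ${{ env.IMAGE_NAME }}
-- name: Verify Signed Splunk Operator image
-run: |
-cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }}
-env:
-COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
-- name: Run Trivy vulnerability scanner
-uses: aquasecurity/trivy-action@master
-with:
-image-ref: '${{ env.IMAGE_NAME }}'
-format: sarif
-#exit-code: 1
-severity: 'CRITICAL'
-ignore-unfixed: true
-output: 'trivy-results.sarif'
-- name: Upload Trivy scan results to GitHub Security tab
-uses: github/codeql-action/upload-sarif@v3
-with:
-sarif_file: 'trivy-results.sarif'
+# vulnerability-scan:
+# permissions:
+# actions: read
+# contents: read
+# security-events: write
+# runs-on: ubuntu-latest
+# needs: build-operator-image-distroless
+# env:
+# SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
+# SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
+# ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
+# S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+# IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}-distroless
+# steps:
+# - name: Set up cosign
+# uses: sigstore/cosign-installer@main
+# - uses: actions/checkout@v2
+# - name: Dotenv Action
+# id: dotenv
+# uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
+# - name: Set up Docker Buildx
+# uses: docker/setup-buildx-action@v2.5.0
+# - name: Configure AWS credentials
+# uses: aws-actions/configure-aws-credentials@v1
+# with:
+# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+# aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+#
+# - name: Login to Amazon ECR
+# uses: aws-actions/amazon-ecr-login@v1
+# - name: Pull Splunk Operator Image Locally
+# run: |
+# docker pull ${{ env.IMAGE_NAME }}
+# - name: Verify Signed Splunk Operator image
+# run: |
+# cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }}
+# env:
+# COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+# - name: Run Trivy vulnerability scanner
+# uses: aquasecurity/trivy-action@master
+# with:
+# image-ref: '${{ env.IMAGE_NAME }}'
+# format: sarif
+# #exit-code: 1
+# severity: 'CRITICAL'
+# ignore-unfixed: true
+# output: 'trivy-results.sarif'
+# - name: Upload Trivy scan results to GitHub Security tab
+# uses: github/codeql-action/upload-sarif@v3
+# with:
+# sarif_file: 'trivy-results.sarif'
 smoke-tests-arm-ubuntu:
-needs: vulnerability-scan
+# needs: vulnerability-scan
 strategy:
 fail-fast: false
 matrix: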
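Review bot: With `# needs: vulnerability-scan` commented out, `smoke-tests-arm-ubuntu` has no `needs:` left in the visible lines, so it no longer waits for the image build it previously depended on through the scan job; if the smoke tests use the `-distroless` image, the line should become `needs: build-operator-image-distroless`. Disabling the job also removes the `cosign verify` step and the Trivy SARIF upload, so nothing shown here checks the image signature or reports CRITICAL findings before the smoke tests run. The commit gives no reason for the change, so a leading comment such as `# vulnerability-scan disabled temporarily: <reason / tracking issue>` above the commented block would keep it from becoming permanent by accident. The rest of the smoke-test job lies outside the hunk.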
