testing trivy scan

PatrickLaabs · PatrickLaabs · commit 04e2241bd888 · 2025-06-11T16:18:42.000+02:00
diff --git a/Makefile b/Makefile
@@ -45,8 +45,6 @@ export GO111MODULE=on
 # Base docker images
 
 DOCKERFILE_CONTAINER_IMAGE ?= docker.io/docker/dockerfile:1.4
-# DEPLOYMENT_BASE_IMAGE ?= gcr.io/distroless/static
-# DEPLOYMENT_BASE_IMAGE_TAG ?= nonroot-${ARCH}
 DEPLOYMENT_BASE_IMAGE ?= ubuntu
 DEPLOYMENT_BASE_IMAGE_TAG ?= 22.04
 BUILD_CONTAINER_ADDITIONAL_ARGS ?=
@@ -220,7 +218,7 @@ endif
 
 PROD_REGISTRY ?= ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s
 
-STAGING_REGISTRY ?= ghcr.io/patricklaabs/k8s-staging-cluster-api-cdk8s
+STAGING_REGISTRY ?= ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s
 STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api-cdk8s.appspot.com
 
 # core
@@ -594,7 +592,7 @@ release-staging: ## Build and push container images to the staging bucket
 	REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-push-all release-alias-tag
 
 .PHONY: release-staging-nightly
-release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-helm-controller:nightly_main_20210121
+release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-cdk8s-controller:nightly_main_20210121
 	$(eval NEW_RELEASE_ALIAS_TAG := nightly_$(RELEASE_ALIAS_TAG)_$(shell date +'%Y%m%d'))
 	echo $(NEW_RELEASE_ALIAS_TAG)
 	$(MAKE) release-alias-tag TAG=$(RELEASE_ALIAS_TAG) RELEASE_ALIAS_TAG=$(NEW_RELEASE_ALIAS_TAG)
diff --git a/config/default/manager_pull_policy.yaml-e b/config/default/manager_pull_policy.yaml-e
@@ -8,4 +8,4 @@ spec:
     spec:
       containers:
       - name: manager
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent
diff --git a/hack/verify-container-images.sh b/hack/verify-container-images.sh
@@ -53,11 +53,11 @@ chmod +x ${TOOL_BIN}/trivy
 rm ${TOOL_BIN}/trivy.tar.gz
 
 # Builds all the container images to be scanned and cleans up changes to ./*manager_image_patch.yaml ./*manager_pull_policy.yaml.
-make REGISTRY=gcr.io/k8s-staging-cluster-api-helm PULL_POLICY=IfNotPresent TAG=dev docker-build
+make REGISTRY=ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller PULL_POLICY=IfNotPresent TAG=dev docker-build
 make clean-release-git
 
 # Scan the images
-${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller-"${GO_ARCH}":dev && R5=$? || R5=$?
+${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller-"${GO_ARCH}":dev && R5=$? || R5=$?
 
 echo ""
 BRed='\033[1;31m'
diff --git a/scripts/ci-e2e-lib.sh b/scripts/ci-e2e-lib.sh
@@ -22,7 +22,7 @@ capi:buildDockerImages () {
   # please ensure the generated image name matches image names used in the E2E_CONF_FILE;
   # also the same settings must be set in Makefile, docker-build-e2e target.
   ARCH="$(go env GOARCH)"
-  export REGISTRY=gcr.io/k8s-staging-cluster-api-helm
+  export REGISTRY=ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s
   export TAG=dev
   export ARCH
 
