Skip to content

Commit ac5300f

Browse files
dtadcoxDavid T. Adcox
dtadcox
and
David T. Adcox
authored
502: Adding samples to periodic scan of last release (#516)
* 502: Adding samples to periodic scan of last release * 502: Make sample app scan work for all builds --------- Co-authored-by: David T. Adcox <[email protected]>
1 parent 8609deb commit ac5300f

File tree

2 files changed

+26
-4
lines changed

2 files changed

+26
-4
lines changed

.one-pipeline.yaml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -279,6 +279,10 @@ containerize:
279279
make setup-go GO_RELEASE_VERSION=$(get_env go-version)
280280
export PATH=$PATH:/usr/local/go/bin
281281
yum -y -q update
282+
if [[ ! -z "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
283+
sudo snap install yq
284+
sudo snap install jq
285+
fi
282286
283287
export RELEASE_TARGET=$(get_env branch)
284288
@@ -424,6 +428,22 @@ containerize:
424428
fi
425429
done
426430
431+
432+
if [[ ! -z "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
433+
CSV_URL="https://raw.githubusercontent.com/WASdev/websphere-liberty-operator/$RELEASE_TARGET/bundle/manifests/ibm-websphere-liberty.clusterserviceversion.yaml"
434+
echo "CSV URL: ${CSV_URL}"
435+
MANIFEST=$(curl $CSV_URL | yq '.spec.relatedImages[] | select (.name = "liberty-sample-app") | .image')
436+
else
437+
MANIFEST=$(cat bundle/manifests/ibm-websphere-liberty.clusterserviceversion.yaml | yq '.spec.relatedImages[] | select (.name = "liberty-sample-app") | .image')
438+
fi
439+
IMAGE="${MANIFEST%%@*}"
440+
for row in $(docker manifest inspect $MANIFEST | jq -c '.manifests[]'); do
441+
DIGEST=$(echo "${row}" | jq -r '.digest')
442+
ARCH=$(echo "${row}" | jq -r '.platform.architecture')
443+
echo "Saving artifact sample-$RELEASE_TARGET type=image name=$IMAGE digest=$DIGEST arch=$ARCH"
444+
save_artifact sample-$RELEASE_TARGET type=image name="$IMAGE" "digest=$DIGEST" "arch=$ARCH"
445+
done
446+
427447
echo "MEND unified agent scan"
428448
chmod +x "${COMMONS_PATH}/whitesource/whitesource_unified_agent_scan.sh"
429449
source "${COMMONS_PATH}/whitesource/whitesource_unified_agent_scan.sh"

scripts/pipeline/ci_to_secure_pipeline_scan.sh

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,11 +9,13 @@ if which list_artifacts >/dev/null; then
99
IMAGE_NAME="$(load_artifact "$ARTIFACT_IMAGE" "name" 2>/dev/null)"
1010
IMAGE_TYPE="$(load_artifact "$ARTIFACT_IMAGE" "type" 2>/dev/null)"
1111

12-
# Ensure "cp." is in front of image name
13-
if [[ ${IMAGE_NAME%%"."*} != "cp" ]]; then
14-
IMAGE_NAME="cp.${IMAGE_NAME}"
12+
# Ensure "cp." is in front of image name, except in samples case
13+
if [[ ${IMAGE_NAME} != *"samples"* ]];then
14+
if [[ ${IMAGE_NAME%%"."*} != "cp" ]]; then
15+
IMAGE_NAME="cp.${IMAGE_NAME}"
16+
fi
1517
fi
16-
18+
1719
if [[ -z "${IMAGE_NAME}" || "$(echo "$IMAGE_TYPE" | tr '[:upper:]' '[:lower:]')" != "image" ]]; then
1820
continue
1921
else

0 commit comments

Comments
 (0)