@@ -107,60 +107,60 @@ jobs:
107107 env :
108108 COSIGN_PRIVATE_KEY : ${{ secrets.COSIGN_PRIVATE_KEY }}
109109 COSIGN_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
110- vulnerability-scan :
111- permissions :
112- actions : read
113- contents : read
114- security-events : write
115- runs-on : ubuntu-latest
116- needs : build-operator-image-distroless
117- env :
118- SPLUNK_ENTERPRISE_IMAGE : ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
119- SPLUNK_OPERATOR_IMAGE_NAME : splunk/splunk-operator
120- ECR_REPOSITORY : ${{ secrets.ECR_REPOSITORY }}
121- S3_REGION : ${{ secrets.AWS_DEFAULT_REGION }}
122- IMAGE_NAME : ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}-distroless
123- steps :
124- - name : Set up cosign
125- uses : sigstore/cosign-installer@main
126- - uses : actions/checkout@v2
127- - name : Dotenv Action
128- id : dotenv
129- uses : falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
130- - name : Set up Docker Buildx
131- 132- - name : Configure AWS credentials
133- uses : aws-actions/configure-aws-credentials@v1
134- with :
135- aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
136- aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
137- aws-region : ${{ secrets.AWS_DEFAULT_REGION }}
138-
139- - name : Login to Amazon ECR
140- uses : aws-actions/amazon-ecr-login@v1
141- - name : Pull Splunk Operator Image Locally
142- run : |
143- docker pull ${{ env.IMAGE_NAME }}
144- - name : Verify Signed Splunk Operator image
145- run : |
146- cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }}
147- env :
148- COSIGN_PUBLIC_KEY : ${{ secrets.COSIGN_PUBLIC_KEY }}
149- - name : Run Trivy vulnerability scanner
150- uses : aquasecurity/trivy-action@master
151- with :
152- image-ref : ' ${{ env.IMAGE_NAME }}'
153- format : sarif
154- # exit-code: 1
155- severity : ' CRITICAL'
156- ignore-unfixed : true
157- output : ' trivy-results.sarif'
158- - name : Upload Trivy scan results to GitHub Security tab
159- uses : github/codeql-action/upload-sarif@v3
160- with :
161- sarif_file : ' trivy-results.sarif'
110+ # vulnerability-scan:
111+ # permissions:
112+ # actions: read
113+ # contents: read
114+ # security-events: write
115+ # runs-on: ubuntu-latest
116+ # needs: build-operator-image-distroless
117+ # env:
118+ # SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
119+ # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
120+ # ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
121+ # S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
122+ # IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}-distroless
123+ # steps:
124+ # - name: Set up cosign
125+ # uses: sigstore/cosign-installer@main
126+ # - uses: actions/checkout@v2
127+ # - name: Dotenv Action
128+ # id: dotenv
129+ # uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
130+ # - name: Set up Docker Buildx
131+ 132+ # - name: Configure AWS credentials
133+ # uses: aws-actions/configure-aws-credentials@v1
134+ # with:
135+ # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
136+ # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
137+ # aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
138+ #
139+ # - name: Login to Amazon ECR
140+ # uses: aws-actions/amazon-ecr-login@v1
141+ # - name: Pull Splunk Operator Image Locally
142+ # run: |
143+ # docker pull ${{ env.IMAGE_NAME }}
144+ # - name: Verify Signed Splunk Operator image
145+ # run: |
146+ # cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }}
147+ # env:
148+ # COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
149+ # - name: Run Trivy vulnerability scanner
150+ # uses: aquasecurity/trivy-action@master
151+ # with:
152+ # image-ref: '${{ env.IMAGE_NAME }}'
153+ # format: sarif
154+ # #exit-code: 1
155+ # severity: 'CRITICAL'
156+ # ignore-unfixed: true
157+ # output: 'trivy-results.sarif'
158+ # - name: Upload Trivy scan results to GitHub Security tab
159+ # uses: github/codeql-action/upload-sarif@v3
160+ # with:
161+ # sarif_file: 'trivy-results.sarif'
162162 smoke-tests-arm-ubuntu :
163- needs : vulnerability-scan
163+ # needs: vulnerability-scan
164164 strategy :
165165 fail-fast : false
166166 matrix :
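Review bot: With `needs: vulnerability-scan` commented out at new line 163, `smoke-tests-arm-ubuntu` has no dependency left in this hunk, so it no longer waits (transitively) for `build-operator-image-distroless`, and the `cosign verify` and Trivy steps no longer run before the image is used. If the scan has to be off for now, keep the ordering with `needs: build-operator-image-distroless`, and consider keeping the pull and `cosign verify` steps as a small gate job. Rather than leaving 52 commented-out lines, delete the job and add one comment such as `# vulnerability-scan disabled temporarily: <reason / tracking issue>`, so the removal of a security control is visible and has an owner. When the job is restored, `sigstore/cosign-installer@main` and `aquasecurity/trivy-action@master` would be better pinned to a commit SHA, as the dotenv action already is. The rest of the smoke-tests job lies outside the hunk.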