feat: [DEVOPS-41238] add trivy all-in-one pipeline#1
Merged
yuzichen12123 merged 64 commits intoalauda-v0.62.1from Jul 18, 2025
Merged
feat: [DEVOPS-41238] add trivy all-in-one pipeline#1yuzichen12123 merged 64 commits intoalauda-v0.62.1from
yuzichen12123 merged 64 commits intoalauda-v0.62.1from
Conversation
Collaborator
Author
|
/allinone |
1 similar comment
Collaborator
Author
|
/allinone |
Collaborator
Author
|
/allinone |
Collaborator
Author
|
/allinone |
Collaborator
Author
|
/allinone |
1 similar comment
Collaborator
Author
|
/allinone |
Collaborator
Author
|
/allinone |
Collaborator
Author
|
/allinone |
yuzichen12123
commented
Jul 17, 2025
| on: | ||
| push: | ||
| branches: | ||
| - alauda-v* |
Collaborator
Author
There was a problem hiding this comment.
alauda-v.* 分支有更新时,自动 release
Collaborator
Author
There was a problem hiding this comment.
用 snapshot 模式试了下,可以跑通
yuzichen12123
commented
Jul 17, 2025
| apiVersion: tekton.dev/v1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| name: trivy-all-in-one |
Collaborator
Author
There was a problem hiding this comment.
包含编译、测试、扫描、上传制品等步骤的流水线。
该流水线是 github action 方案前写的,目前 trivy 扫描的步骤还是在这个流水线中做的。
帮忙看下是否有必要保留该流水线?如果没必要的话,我把 trivy 扫描步骤也迁移到 github action
yuzichen12123
commented
Jul 17, 2025
Comment on lines
+21
to
+27
| 当需要使用新版本的 trivy 时,按照以下步骤执行: | ||
|
|
||
| 1. 从对应 tag 拉出 alauda 分支,例如 `v0.62.1` tag 对应 `alauda-v0.62.1` 分支 | ||
| 2. 将新分支加入到 renovate 的配置文件中,用于自动扫描并修复漏洞 | ||
| 3. renovate 提 PR 后,会自动跑流水线,若所有测试通过,则 PR 将会被自动合并 | ||
| 4. 合并到 `alauda-v0.62.1` 分支后,goreleaser 会自动创建出 `alauda-v0.62.1` release | ||
| 5. 其他插件中配置的 renovate 会根据配置自动从 release 中获取制品 |
Collaborator
Author
There was a problem hiding this comment.
后续按照这个流程维护该仓库
yuzichen12123
commented
Jul 17, 2025
Comment on lines
+55
to
+57
| This release is intended for use only as part of the Alauda product suite. | ||
| It is not recommended for use by individuals or teams outside of Alauda. | ||
| Any consequences arising from its use are the sole responsibility of the user. |
Collaborator
Author
There was a problem hiding this comment.
免责声明,不推荐其他人使用我们的制品
Collaborator
Author
|
已验证过,所有测试跑通: |
nanjingfm
approved these changes
Jul 18, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.