-
Notifications
You must be signed in to change notification settings - Fork 4
/
custom-image-check.yaml
65 lines (61 loc) · 1.9 KB
/
custom-image-check.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
creationTimestamp: '2021-06-01T11:45:07Z'
generation: 7
managedFields:
- apiVersion: tekton.dev/v1beta1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:params': {}
'f:results': {}
'f:steps': {}
manager: Mozilla
operation: Update
time: '2021-06-01T11:45:07Z'
name: custom-image-check
resourceVersion: '1528129'
selfLink: /apis/tekton.dev/v1beta1/clustertasks/custom-image-check
uid: 27cd98e7-5e0c-4a7e-b37f-bdbadefdf0df
spec:
params:
- description: >-
Secret containing the address:port tuple for StackRox Central (example -
rox.stackrox.io:443)
name: rox_central_endpoint
type: string
- description: Secret containing the StackRox API token with CI permissions
name: rox_api_token
type: string
- description: 'Full name of image to scan (example -- gcr.io/rox/sample:5.0-rc1)'
name: image
type: string
results:
- description: Output of `roxctl image check`
name: check_output
steps:
- env:
- name: ROX_API_TOKEN
valueFrom:
secretKeyRef:
key: rox_api_token
name: $(params.rox_api_token)
- name: ROX_CENTRAL_ENDPOINT
valueFrom:
secretKeyRef:
key: rox_central_endpoint
name: $(params.rox_central_endpoint)
image: ubi8/openjdk-11
name: custom-image-check
resources: {}
script: >-
#!/usr/bin/env bash
set +x
curl -k -L -H "Authorization: Bearer $ROX_API_TOKEN"
https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux --output
./roxctl > /dev/null; echo "Getting roxctl"
chmod +x ./roxctl > /dev/null
./roxctl image check --insecure-skip-tls-verify -e $ROX_CENTRAL_ENDPOINT
--image $(params.image)