Just a bunch of CI stuff #16
- Run vuln scans on latest tag
- Generate and upload build badge and cve badges to GCS
- Update README format to include badges
- Only run affected images on main push
- Enable slack alerting via webhook (DISTROLESS_SLACK_WEBHOOK)
- Remove .chainguard/ directory

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Looks good, we'll probably need to run it and iterate.
set -x | ||
echo '${{ toJSON(matrix) }}' > inputs.json | ||
for kv in `env | grep '^EXTRA_INPUT_' | sed 's/^EXTRA_INPUT_//'`; do | ||
k="$(echo "${kv}" | cut -d "=" -f1 | tr '[:upper:]' '[:lower:]' | sed -r 's/(.)_+(.)/\1\U\2/g;s/^[a-z]/\U&/' | sed 's/.*/\l&/')" |
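Review bot: `echo '${{ toJSON(matrix) }}' > inputs.json` has the Actions expression expanded into the script text before the shell parses it, so a single quote inside any matrix value closes the quoted string and whatever follows is parsed as shell. Pass the JSON through the step's `env:` block instead and write it with `printf '%s' "$MATRIX_JSON" > inputs.json` (the variable name is only a suggestion). Two smaller points in the same lines: the backtick `for kv in ...` loop word-splits the output of `env`, so an `EXTRA_INPUT_` value containing a space becomes several iterations, and with `set -x` on, every value handled here is traced into the job log.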
not gonna lie, this scares me a little.
for _, tag := range strings.Split(image.ApkoAdditionalTags, ",") { | ||
tmp = append(tmp, fmt.Sprintf("`%s`", tag)) | ||
// TODO: support images with multiple extra tags (not just latest) |
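Review bot: `strings.Split(image.ApkoAdditionalTags, ",")` returns a single empty element when the field is empty and keeps any spaces around the commas, so the loop can append an empty or padded backticked tag unless the caller guards for that outside these lines. Skip empty entries and apply `strings.TrimSpace` to each tag before formatting it.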
add this as a task/issue if you've not already
Hmm, just realised I'm on the hook if this goes mental and continuously spams slack 😂
Two things from me:
Use separate Slack webhook for vulnerability scans
AUTO: Adds project board syncer for image issues
Signed-off-by: Adrian Mouat <adrian@chainguard.dev>
Put back to what I want to happen
Print logs to stderr instead of file
Cleanup repo to reflect new GitHub org etc.
Signed-off-by: Adrian Mouat <adrian@chainguard.dev>
…d-images#16)

Bumps [google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials) from 0 to 1.
- [Release notes](https://github.com/google-github-actions/get-gke-credentials/releases)
- [Changelog](https://github.com/google-github-actions/get-gke-credentials/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/get-gke-credentials@v0...v1)

---
updated-dependencies:
- dependency-name: google-github-actions/get-gke-credentials
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sneak peek of Badgeville (live at https://github.com/chainguard-images/images/blob/ci-stuff/README.md):