github.com/GoogleContainerTools/skaffold@v1.39.18/deploy/lts-vuln-monitor/cloudbuild.yaml

github.com/GoogleContainerTools/skaffold@v1.39.18/deploy/lts-vuln-monitor/cloudbuild.yaml (about)

     1  steps:
     2  - id: Get github token.
     3    name: gcr.io/cloud-builders/gcloud
     4    entrypoint: /bin/bash
     5    args: [ '-c', "gcloud secrets versions access latest --secret=$_GITHUB_TOKEN --format='get(payload.data)' | tr '_-' '/+' | base64 -d > token.txt" ]
     6  - id: Check vulnerability report.
     7    name: gcr.io/cloud-builders/gcloud
     8    entrypoint: /bin/bash
     9    args:
    10    - ./deploy/lts-vuln-monitor/scan.sh
    11    env:
    12    - 'PROJECT_ID=$PROJECT_ID'
    13    - '_IMAGE=$_IMAGE'
    14    - '_TAG_FILTER=$_TAG_FILTER'
    15    - '_SEVERITIES=$_SEVERITIES'
    16  - id: Report vulnerability.
    17    name: 'gcr.io/$PROJECT_ID/github'
    18    entrypoint: /bin/bash
    19    args:
    20    - -c
    21    - |
    22      if test -f /workspace/os_vuln.txt; then ./deploy/lts-vuln-monitor/report.sh; fi
    23    env:
    24    - '_OS_VULN_LABEL=$_OS_VULN_LABEL'
    25    - '_REPO=$_REPO'
    26  substitutions:
    27    _IMAGE: skaffold
    28    _TAG_FILTER: v.*lts
    29    _SEVERITIES: HIGH CRITICAL
    30    _OS_VULN_LABEL: lts os vuln
    31    _REPO: GoogleContainerTools/skaffold
    32    _GITHUB_TOKEN: LTS_IMAGE_CD_BOT_GITHUB_TOKEN