remove security generator here as well
This commit is contained in:
committed by
GitHub
parent
5f986353f9
commit
a90776b509
@@ -78,9 +78,6 @@ chart_runner(){
|
||||
train=$(basename $(dirname "${1}"))
|
||||
SCALESUPPORT=$(cat ${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r)
|
||||
helm dependency update "${1}" --skip-refresh || (sleep 10 && helm dependency update "${1}" --skip-refresh) || (sleep 10 && helm dependency update "${1}" --skip-refresh)
|
||||
helm_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..."
|
||||
container_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..."
|
||||
sec_scan_cleanup "${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..."
|
||||
sync_tag "${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..."
|
||||
create_changelog "${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..."
|
||||
generate_docs "${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..."
|
||||
@@ -301,61 +298,6 @@ sync_tag() {
|
||||
}
|
||||
export -f sync_tag
|
||||
|
||||
helm_sec_scan() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
local chartversion="$4"
|
||||
echo "Scanning helm security for ${chartname}"
|
||||
mkdir -p ${chart}/render
|
||||
rm -rf ${chart}/security.md || echo "removing old security.md file failed..."
|
||||
cat templates/security.tpl >> ${chart}/security.md
|
||||
echo "" >> ${chart}/security.md
|
||||
helm template ${chart} --output-dir ${chart}/render > /dev/null
|
||||
trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render
|
||||
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
|
||||
rm -rf ${chart}/render/tmpsec${chartname}.md || true
|
||||
echo "" >> ${chart}/security.md
|
||||
}
|
||||
export -f helm_sec_scan
|
||||
|
||||
container_sec_scan() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
local chartversion="$4"
|
||||
echo "Scanning container security for ${chartname}"
|
||||
echo "## Containers" >> ${chart}/security.md
|
||||
echo "" >> ${chart}/security.md
|
||||
echo "##### Detected Containers" >> ${chart}/security.md
|
||||
echo "" >> ${chart}/security.md
|
||||
find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
|
||||
cat ${chart}/render/containers.tmp >> ${chart}/security.md
|
||||
echo "" >> ${chart}/security.md
|
||||
echo "##### Scan Results" >> ${chart}/security.md
|
||||
echo "" >> ${chart}/security.md
|
||||
for container in $(cat ${chart}/render/containers.tmp); do
|
||||
echo "processing container: ${container}"
|
||||
echo "" >> ${chart}/security.md
|
||||
trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}"
|
||||
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
|
||||
rm -rf ${chart}/render/tmpsec${chartname}.md || true
|
||||
echo "" >> ${chart}/security.md
|
||||
done
|
||||
|
||||
}
|
||||
export -f container_sec_scan
|
||||
|
||||
sec_scan_cleanup() {
|
||||
local chart="$1"
|
||||
local chartname="$2"
|
||||
local train="$3"
|
||||
local chartversion="$4"
|
||||
rm -rf ${chart}/render
|
||||
sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md
|
||||
}
|
||||
export -f sec_scan_cleanup
|
||||
|
||||
pre_commit() {
|
||||
if [[ -z "$standalone" ]]; then
|
||||
echo "Running pre-commit test-and-cleanup..."
|
||||
|
||||
Reference in New Issue
Block a user