remove security generator here as well

This commit is contained in:
Kjeld Schouten-Lebbing
2022-07-12 13:10:19 +02:00
committed by GitHub
parent 5f986353f9
commit a90776b509
-58
View File
@@ -78,9 +78,6 @@ chart_runner(){
train=$(basename $(dirname "${1}"))
SCALESUPPORT=$(cat ${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r)
helm dependency update "${1}" --skip-refresh || (sleep 10 && helm dependency update "${1}" --skip-refresh) || (sleep 10 && helm dependency update "${1}" --skip-refresh)
helm_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..."
container_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..."
sec_scan_cleanup "${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..."
sync_tag "${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..."
create_changelog "${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..."
generate_docs "${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..."
@@ -301,61 +298,6 @@ sync_tag() {
}
export -f sync_tag
helm_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning helm security for ${chartname}"
mkdir -p ${chart}/render
rm -rf ${chart}/security.md || echo "removing old security.md file failed..."
cat templates/security.tpl >> ${chart}/security.md
echo "" >> ${chart}/security.md
helm template ${chart} --output-dir ${chart}/render > /dev/null
trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
}
export -f helm_sec_scan
container_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning container security for ${chartname}"
echo "## Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Detected Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
cat ${chart}/render/containers.tmp >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Scan Results" >> ${chart}/security.md
echo "" >> ${chart}/security.md
for container in $(cat ${chart}/render/containers.tmp); do
echo "processing container: ${container}"
echo "" >> ${chart}/security.md
trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}"
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
done
}
export -f container_sec_scan
sec_scan_cleanup() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
rm -rf ${chart}/render
sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md
}
export -f sec_scan_cleanup
pre_commit() {
if [[ -z "$standalone" ]]; then
echo "Running pre-commit test-and-cleanup..."