From a90776b50921619d6229b5bb1b38c29b1ce1abfb Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 12 Jul 2022 13:10:19 +0200 Subject: [PATCH] remove security generator here as well --- tools/build-release.sh | 58 ------------------------------------------ 1 file changed, 58 deletions(-) diff --git a/tools/build-release.sh b/tools/build-release.sh index 9528ef11f3b..77eb397927c 100755 --- a/tools/build-release.sh +++ b/tools/build-release.sh @@ -78,9 +78,6 @@ chart_runner(){ train=$(basename $(dirname "${1}")) SCALESUPPORT=$(cat ${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r) helm dependency update "${1}" --skip-refresh || (sleep 10 && helm dependency update "${1}" --skip-refresh) || (sleep 10 && helm dependency update "${1}" --skip-refresh) - helm_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..." - container_sec_scan "${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..." - sec_scan_cleanup "${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..." sync_tag "${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..." create_changelog "${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..." generate_docs "${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..." @@ -301,61 +298,6 @@ sync_tag() { } export -f sync_tag -helm_sec_scan() { - local chart="$1" - local chartname="$2" - local train="$3" - local chartversion="$4" - echo "Scanning helm security for ${chartname}" - mkdir -p ${chart}/render - rm -rf ${chart}/security.md || echo "removing old security.md file failed..." - cat templates/security.tpl >> ${chart}/security.md - echo "" >> ${chart}/security.md - helm template ${chart} --output-dir ${chart}/render > /dev/null - trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render - cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md - rm -rf ${chart}/render/tmpsec${chartname}.md || true - echo "" >> ${chart}/security.md - } - export -f helm_sec_scan - -container_sec_scan() { - local chart="$1" - local chartname="$2" - local train="$3" - local chartversion="$4" - echo "Scanning container security for ${chartname}" - echo "## Containers" >> ${chart}/security.md - echo "" >> ${chart}/security.md - echo "##### Detected Containers" >> ${chart}/security.md - echo "" >> ${chart}/security.md - find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp - cat ${chart}/render/containers.tmp >> ${chart}/security.md - echo "" >> ${chart}/security.md - echo "##### Scan Results" >> ${chart}/security.md - echo "" >> ${chart}/security.md - for container in $(cat ${chart}/render/containers.tmp); do - echo "processing container: ${container}" - echo "" >> ${chart}/security.md - trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}" - cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md - rm -rf ${chart}/render/tmpsec${chartname}.md || true - echo "" >> ${chart}/security.md - done - - } - export -f container_sec_scan - -sec_scan_cleanup() { - local chart="$1" - local chartname="$2" - local train="$3" - local chartversion="$4" - rm -rf ${chart}/render - sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md - } - export -f sec_scan_cleanup - pre_commit() { if [[ -z "$standalone" ]]; then echo "Running pre-commit test-and-cleanup..."