DEVOPS-685: Upload to aqua #724
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Trivy Java DB | |
| on: | |
| push: | |
| branches: | |
| - lihiz_upload_to_aqua | |
| workflow_dispatch: | |
| env: | |
| GH_USER: aqua-bot | |
| DB_VERSION: 1 | |
| permissions: | |
| packages: write # for GHCR | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build DB | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v2 | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: go.mod | |
| id: go | |
| - name: Build the binary | |
| run: make build | |
| - name: Crawl indexes | |
| run: make db-crawl | |
| - name: Build database | |
| run: make db-build | |
| - name: Compress database | |
| run: make db-compress | |
| - name: Move DB | |
| run: mv cache/db/javadb.tar.gz . | |
| # - name: Login to Docker Hub | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # username: ${{ secrets.DOCKERHUB_USER }} | |
| # password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # - name: Login to GitHub Packages Container registry | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ env.GH_USER }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Login to ECR | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: public.ecr.aws | |
| # username: ${{ secrets.ECR_ACCESS_KEY_ID }} | |
| # password: ${{ secrets.ECR_SECRET_ACCESS_KEY }} | |
| - name: login to Aqua Container Registry | |
| uses: azure/docker-login@v2 | |
| with: | |
| login-server: ${{ secrets.AQUSEC_ACR_REGISTRY_NAME }} | |
| username: ${{ secrets.AQUASEC_ACR_USERNAME }} | |
| password: ${{ secrets.AQUASEC_ACR_PASSWORD }} | |
| - name: Install oras | |
| run: | | |
| curl -LO https://github.com/oras-project/oras/releases/download/v1.2.0/oras_1.2.0_linux_amd64.tar.gz | |
| tar -xvf ./oras_1.2.0_linux_amd64.tar.gz | |
| - name: Upload assets to registries | |
| run: | | |
| lowercase_repo=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') | |
| ./oras version | |
| echo "Starting artifact upload process..." | |
| # Define an array of registry base URLs and their corresponding repository names | |
| declare -A registries=( | |
| ["${{ secrets.AQUSEC_ACR_REGISTRY_NAME }}"]=$(echo "$lowercase_repo" | cut -d'/' -f2) | |
| ) | |
| # Special case for docker.io if the organization is 'aquasecurity' | |
| if [[ "${lowercase_repo}" == "aquasecurity/"* ]]; then | |
| registries["docker.io"]="aquasec/${lowercase_repo#aquasecurity/}" | |
| echo "Docker Hub repository adjusted for aquasecurity: ${registries["docker.io"]}" | |
| fi | |
| # Loop through each registry and push the artifact | |
| for registry in "${!registries[@]}"; do | |
| repo_name=${registries[$registry]} | |
| full_registry_url="${registry}/${repo_name}" | |
| echo "Processing registry: ${full_registry_url}" | |
| if ./oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \ | |
| "${full_registry_url}:${DB_VERSION}" \ | |
| javadb.tar.gz:application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip; then | |
| echo "Successfully pushed to ${full_registry_url}:${DB_VERSION}" | |
| else | |
| echo "Failed to push to ${full_registry_url}:${DB_VERSION}" | |
| exit 1 | |
| fi | |
| done | |
| echo "Artifact upload process completed." | |
| # - name: Microsoft Teams Notification | |
| # ## Until the PR with the fix for the AdaptivCard version is merged yet | |
| # ## https://github.com/Skitionek/notify-microsoft-teams/pull/96 | |
| # ## Use the aquasecurity fork | |
| # uses: aquasecurity/notify-microsoft-teams@master | |
| # if: failure() | |
| # with: | |
| # webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }} | |
| # needs: ${{ toJson(needs) }} | |
| # job: ${{ toJson(job) }} | |
| # steps: ${{ toJson(steps) }} |