clair: only run clair-action once and convert output

By adding the convert command to the clair-action cli the clair-scan task can take advantage and only call the expensive reporting command once. Signed-off-by: crozzy <[email protected]>
konflux-ci · Nov 28, 2024 · 8fdbf22 · 8fdbf22
1 parent 0a78a6d
commit 8fdbf22
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/task/clair-scan/0.2/clair-scan.yaml b/task/clair-scan/0.2/clair-scan.yaml
@@ -111,8 +111,8 @@ spec:
         # we require in the policy rules, so we resort to running clair-action
         # twice to produce both quay and clair formatted output
         clair_report() {
-          { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=quay | tee "clair-result-$2.json"; } && \
-          { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=clair > "clair-report-$2.json"; }
+          { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=clair > "clair-report-$2.json"; } && \
+          { clair-action convert --file-path="clair-report-$2.json" --format=quay | tee "clair-result-$2.json"; }
         }
 
         for sha_file in image-manifest-*.sha; do