diff --git a/.github/workflows/nightly-scan.yaml b/.github/workflows/nightly-scan.yaml
index 6e4fa2e9a6f9..7e139c466bbe 100644
--- a/.github/workflows/nightly-scan.yaml
+++ b/.github/workflows/nightly-scan.yaml
@@ -31,13 +31,6 @@ jobs:
 fetch-depth: 0
 lfs: true
- - name: Get latest tag on branch
- shell: bash
- run: |
- BRANCH_NAME=${{ matrix.branch }}
- LATEST_TAG=$(git tag --merged ${BRANCH_NAME} --sort=-creatordate | head -n 1)
- echo "IMAGE_TAG=${LATEST_TAG}" >> $GITHUB_ENV
-
 - name: Log into registry ${{env.REGISTRY}}
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
@@ -48,7 +41,11 @@ jobs:
 - name: Set Image name
 run: |
- echo IMAGE_NAME="ghcr.io/nirmata/kyverno:${{ env.IMAGE_TAG }}" >> $GITHUB_ENV
+ echo IMAGE_NAME="ghcr.io/nirmata/nightly-kyverno" >> $GITHUB_ENV
+
+ - name: Build and Push Image
+ run: |
+ make ko-publish-kyverno REPO=nirmata KYVERNO_IMAGE=nightly-kyverno KO_TAGS=latest
 - name: Scan image using grype
 id: grype-scan
@@ -88,3 +85,15 @@ jobs:
 echo "====grype-scan===="
 cat ${{ steps.grype-scan.outputs.sarif }}
 exit 1
+
+ - name: Notify failure status
+ if: always() && (job.status == 'failure')
+ uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 #v2.3.2
+ env:
+ SLACK_CHANNEL: cve-nightly-scan-alerts
+ SLACK_COLOR: ${{ job.status }}
+ SLACK_ICON: https://cdn-icons-png.flaticon.com/512/25/25231.png
+ SLACK_MESSAGE: Repository - ${{github.repository}} - ${{ matrix.branch }} Environment - nightly-scan
+ SLACK_TITLE: CVE discovered
+ SLACK_USERNAME: Github Actions
+ SLACK_WEBHOOK: ${{ secrets.NIGHTLY_SCAN_WEBHOOK }}
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 5b8fe4e121f1..e36883fcd61e 100644
--- a/Makefile
+++ b/Makefile
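Review bot: The added `Build and Push Image` step publishes with `KO_TAGS=latest` for every matrix leg, and `IMAGE_NAME` is set to `ghcr.io/nirmata/nightly-kyverno` with no tag or digest, so the scan (presumably the grype step that follows, whose inputs are outside the hunk) resolves whatever `latest` points to at that moment. If the matrix holds more than one branch (the job references `matrix.branch`, the list itself is not visible here), one leg can scan the image another leg has just pushed and report findings against the wrong branch. A per-branch tag would keep them apart, for example `KO_TAGS=nightly-${{ matrix.branch }}` with the same tag appended to `IMAGE_NAME`, after replacing any `/` in the branch name; scanning by the digest of the image just published would be stricter still. The push also requires `packages: write` on the job token, which this hunk does not show.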
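Review bot: The `Notify failure status` step runs on any failed step in the job but always posts `SLACK_TITLE: CVE discovered`, so a registry login error or a failed `make ko-publish-kyverno` build reaches the alert channel labelled as a vulnerability finding. Either make the title neutral, e.g. `SLACK_TITLE: Nightly scan job failed`, or gate the step on the outcome of the step that evaluates the scan result; the step ending in `exit 1` above starts outside the hunk, so whether it has an `id` to reference cannot be seen here. The condition `always() && (job.status == 'failure')` can be written as `if: failure()`. The file also still ends without a trailing newline.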
@@ -15,7 +15,7 @@ GOARCH ?= $(shell go env GOARCH)
 KOCACHE ?= /tmp/ko-cache
 BUILD_WITH ?= ko
 KYVERNOPRE_IMAGE := kyvernopre
-KYVERNO_IMAGE := kyverno
+KYVERNO_IMAGE ?= kyverno
 CLI_IMAGE := kyverno-cli
 CLEANUP_IMAGE := cleanup-controller
 REPORTS_IMAGE := reports-controller
@@ -265,11 +265,11 @@ build-all: build-kyverno-init build-kyverno build-cli build-cleanup-controller b
 LOCAL_PLATFORM := linux/$(GOARCH)
 KO_REGISTRY ?= ko.local
 ifndef VERSION
-KO_TAGS := $(GIT_SHA)
+KO_TAGS ?= $(GIT_SHA)
 else ifeq ($(VERSION),main)
-KO_TAGS := $(GIT_SHA),latest
+KO_TAGS ?= $(GIT_SHA),latest
 else
-KO_TAGS := $(GIT_SHA),$(subst /,-,$(VERSION))
+KO_TAGS ?= $(GIT_SHA),$(subst /,-,$(VERSION))
 endif
 KO_CLI_REPO := $(PACKAGE)/$(CLI_DIR)
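Review bot: Switching `KYVERNO_IMAGE` (and the three `KO_TAGS` assignments in the second hunk) from `:=` to `?=` is not needed for the workflow's `make ko-publish-kyverno ... KYVERNO_IMAGE=nightly-kyverno KO_TAGS=latest` call, because variables given on the make command line already override `:=` assignments. What `?=` adds is that a `KYVERNO_IMAGE` or `KO_TAGS` inherited from the environment now silently changes the name and tags of the image that gets published, in release jobs and developer shells alike. Keeping `KYVERNO_IMAGE := kyverno` and the `KO_TAGS := ...` lines preserves the command-line override without opening that path; if environment overrides are intended, a comment beside the assignments should say so. Note also that `?=` makes `KO_TAGS` recursively expanded, so `$(GIT_SHA)` (defined outside these hunks) is re-evaluated at each use.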