Commit c0877f34 authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Tag PR image build as latest before scanning

This is less effort than passing the tag across steps 🤷‍♂️ Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com> (cherry picked from commit 378edb93) Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com>
parent ebc4e505
...@@ -27,11 +27,12 @@ jobs: ...@@ -27,11 +27,12 @@ jobs:
run: | run: |
make local make local
make package-image make package-image
make tag-image-latest
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0 uses: aquasecurity/trivy-action@0.24.0
with: with:
image-ref: 'rancher/k3s' image-ref: 'rancher/k3s:latest'
format: 'table' format: 'table'
severity: "HIGH,CRITICAL" severity: "HIGH,CRITICAL"
output: "trivy-report.txt" output: "trivy-report.txt"
......
#!/bin/bash
set -e
cd $(dirname $0)/..
. ./scripts/version.sh
TAG=${TAG:-${VERSION_TAG}${SUFFIX}}
REPO=${REPO:-rancher}
IMAGE_NAME=${IMAGE_NAME:-k3s}
IMAGE=${REPO}/${IMAGE_NAME}:${TAG}
LATEST=${REPO}/${IMAGE_NAME}:latest
docker image tag ${IMAGE} ${LATEST}
echo Tagged ${IMAGE} as ${LATEST}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment