ci: remove custom hack, add support for trivyignore
Some checks reported errors
ZeroDownTime/CloudBender/pipeline/head Something is wrong with the build of this commit
Some checks reported errors
ZeroDownTime/CloudBender/pipeline/head Something is wrong with the build of this commit
This commit is contained in:
parent
ee27ba1774
commit
096e244171
7
.trivyignore.yaml
Normal file
7
.trivyignore.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
secrets:
|
||||||
|
- id: gcp-service-account
|
||||||
|
paths:
|
||||||
|
- "/venv/lib/python*/site-packages/pulumi_aws/glue/connection.py"
|
||||||
|
- id: private-key
|
||||||
|
paths:
|
||||||
|
- "/venv/lib/python*/site-packages/pulumi_aws/glue/connection.py"
|
||||||
@ -33,11 +33,6 @@ RUN curl -fsSL https://get.pulumi.com/ | sh -s -- --version $(pip show pulumi --
|
|||||||
# minimal pulumi
|
# minimal pulumi
|
||||||
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
||||||
|
|
||||||
# Remove AWS keys from docstring to prevent trivy alerts later
|
|
||||||
RUN sed -i -e 's/AKIA.*//' \
|
|
||||||
/venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/lightsail/bucket_access_key.py \
|
|
||||||
/venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/glue/connection.py
|
|
||||||
|
|
||||||
# Now build the final runtime, incl. running rootless containers
|
# Now build the final runtime, incl. running rootless containers
|
||||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user