Squashed '.ci/' changes from 67529a0..ca67be5

ca67be5 feat: only set TRIVY_IGNORE of file present git-subtree-dir: .ci git-subtree-split: ca67be57ee80e190ce07719b16bc0059267cbdb4
2025-05-24 13:38:17 +00:00 · 2025-05-24 13:38:17 +00:00 · cd49e55a3b
commit cd49e55a3b
parent a32bab422f
1 changed files with 4 additions and 1 deletions
--- a/podman.mk
+++ b/podman.mk
@ -29,6 +29,9 @@ ARCH ::= amd64
 ALL_ARCHS ::= amd64 arm64
 _ARCH = $(or $(filter $(ARCH),$(ALL_ARCHS)),$(error $$ARCH [$(ARCH)] must be exactly one of "$(ALL_ARCHS)"))

+ifneq ($(shell ls ./.trivyignore.yaml 2>/dev/null),)
+  TRIVY_IGNORE ::= --ignorefile ./.trivyignore.yaml
+endif
 ifneq ($(TRIVY_REMOTE),)
 	TRIVY_OPTS ::= --server $(TRIVY_REMOTE)
 endif
@ -49,7 +52,7 @@ test:: ## test built artificats

 scan: ## Scan image using trivy
 	echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
-	trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
+	trivy image $(TRIVY_OPTS) --quiet --no-progress $(TRIVY_IGNORE) localhost/$(IMAGE):$(TAG)-$(_ARCH)

 # first tag and push all actual images
 # create new manifest for each tag and add all available TAG-ARCH before pushing