Compare commits
3 Commits
aacd2b1f07
...
9d8e0ea01f
| Author | SHA1 | Date | |
|---|---|---|---|
| 9d8e0ea01f | |||
| a32bab422f | |||
| 3cf3450b58 |
@ -41,7 +41,8 @@ for image in sorted(images, key=lambda d: d['imagePushedAt'], reverse=True):
|
|||||||
_delete = True
|
_delete = True
|
||||||
for tag in image["imageTags"]:
|
for tag in image["imageTags"]:
|
||||||
# Look for at least one tag NOT beign a SemVer dev tag
|
# Look for at least one tag NOT beign a SemVer dev tag
|
||||||
if "-" not in tag:
|
# untagged dev builds get tagged as <tag>-g<commit>
|
||||||
|
if "-g" not in tag and "dirty" not in tag:
|
||||||
_delete = False
|
_delete = False
|
||||||
if _delete:
|
if _delete:
|
||||||
print("Deleting development image {}".format(image["imageTags"]))
|
print("Deleting development image {}".format(image["imageTags"]))
|
||||||
|
|||||||
@ -8,8 +8,8 @@ SHELL := bash
|
|||||||
.PHONY: all # All targets are accessible for user
|
.PHONY: all # All targets are accessible for user
|
||||||
.DEFAULT: help # Running Make will run the help target
|
.DEFAULT: help # Running Make will run the help target
|
||||||
|
|
||||||
# Parse version from latest git semver tag
|
# Parse version from latest git semver tag, use short commit otherwise
|
||||||
GIT_TAG ?= $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
|
GIT_TAG ?= $(shell git describe --tags --match v*.*.* --dirty 2>/dev/null || git describe --match="" --always --dirty 2>/dev/null)
|
||||||
GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
|
GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
|
||||||
|
|
||||||
TAG ::= $(GIT_TAG)
|
TAG ::= $(GIT_TAG)
|
||||||
@ -49,7 +49,7 @@ test:: ## test built artificats
|
|||||||
|
|
||||||
scan: ## Scan image using trivy
|
scan: ## Scan image using trivy
|
||||||
echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
|
echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
|
||||||
trivy image $(TRIVY_OPTS) --quiet --no-progress --ignorefile ./.trivyignore.yaml localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||||
|
|
||||||
# first tag and push all actual images
|
# first tag and push all actual images
|
||||||
# create new manifest for each tag and add all available TAG-ARCH before pushing
|
# create new manifest for each tag and add all available TAG-ARCH before pushing
|
||||||
|
|||||||
@ -33,9 +33,6 @@ RUN curl -fsSL https://get.pulumi.com/ | sh -s -- --version $(pip show pulumi --
|
|||||||
# minimal pulumi
|
# minimal pulumi
|
||||||
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
||||||
|
|
||||||
# Remove AWS keys from docstring to prevent trivy alerts later
|
|
||||||
RUN sed -i -e 's/AKIA.*//' /venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/lightsail/bucket_access_key.py
|
|
||||||
|
|
||||||
# Now build the final runtime, incl. running rootless containers
|
# Now build the final runtime, incl. running rootless containers
|
||||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user