Squashed '.ci/' changes from 49ea8c8..a47929d

a47929d feat: switch to latest trivy cli syntax
cb5faca feat: add create-repo task to ease bootstrapping new project

git-subtree-dir: .ci
git-subtree-split: a47929da1c1cb926f444766d592e24910122fc0e
This commit is contained in:
Stefan Reimer 2022-07-12 13:13:20 +00:00
parent 770968c49d
commit 2109b5c10c

View File

@ -2,10 +2,10 @@
GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//')
ifeq ($(TRIVY_REMOTE),) # EXTRA_TAGS supposed to be set at the caller, eg. $(shell echo $(TAG) | awk -F '.' '{ print $$1 "." $$2 }')
TRIVY_OPTS := image
else ifneq ($(TRIVY_REMOTE),)
TRIVY_OPTS := client --remote ${TRIVY_REMOTE} TRIVY_OPTS := --server ${TRIVY_REMOTE}
endif endif
.PHONY: build test scan push clean .PHONY: build test scan push clean
@ -24,7 +24,7 @@ test: build rm-test-image
scan: build scan: build
@echo "Scanning $(REGISTRY)/$(IMAGE):$(TAG) using Trivy" @echo "Scanning $(REGISTRY)/$(IMAGE):$(TAG) using Trivy"
@trivy $(TRIVY_OPTS) $(REGISTRY)/$(IMAGE):$(TAG) @trivy image $(TRIVY_OPTS) $(REGISTRY)/$(IMAGE):$(TAG)
push: build push: build
@aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY) @aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
@ -54,5 +54,9 @@ rm-test-image:
ci-pull-upstream: ci-pull-upstream:
git stash && git subtree pull --prefix .ci ssh://git@git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git master --squash && git stash pop git stash && git subtree pull --prefix .ci ssh://git@git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git master --squash && git stash pop
.PHONY: create-repo
create-repo:
aws ecr-public create-repository --repository-name $(IMAGE) --region $(REGION)
.DEFAULT: .DEFAULT:
@echo "$@ not implemented. NOOP" @echo "$@ not implemented. NOOP"