fix: fix quotes, do not execute scan during push

2022-02-14 13:35:13 +01:00 · 2022-02-14 13:35:13 +01:00 · b6fea5a0a6
commit b6fea5a0a6
parent db97da8b42
2 changed files with 2 additions and 2 deletions
--- a/podman.mk
+++ b/podman.mk
@ -26,7 +26,7 @@ scan: build
 	@echo "Scanning $(IMAGE):$(TAG) using Trivy"
 	@trivy $(TRIVY_OPTS) $(IMAGE):$(TAG)

-push: scan
+push: build
 	@aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
 	@docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest
 	docker push $(REGISTRY)/$(IMAGE):$(TAG)
--- a/vars/buildPodman.groovy
+++ b/vars/buildPodman.groovy
@ -49,7 +49,7 @@ def call(Map config=[:]) {
            ]

            // Scan again and fail on CRITICAL vulns
-            sh '[ "${config.trivyFail}" == "NONE" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan'
+            sh "[ \"${config.trivyFail}\" == \"NONE\" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
          }
        }