eSlider/flamingo-tech-test
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

Add Trivy CVE scan, container registry docs, and update diagrams
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 9s
Details
Helm Chart CI & Release / Semantic Release (push) Successful in 2m1s
Details

Browse Source 
- Add Trivy vulnerability scan step to CI (HIGH/CRITICAL, warn-only)
- Add Container Registry section to README with pull examples
- Update architecture doc and HLD with crane + Trivy details

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Andrey
2026-02-19 21:38:05 +00:00
parent bd723dbd05
commit 8e99fe7614
4 changed files with 40 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/release.yaml
Vendored
+16
View File
@@ -139,6 +139,22 @@ jobs:
crane tag "${DST}:${APP_VER}" "latest"
echo "Mirrored ${SRC} → ${DST}:{${APP_VER},${CHART_TAG},latest}"
- name: Trivy vulnerability scan
run: |
TRIVY_VER="0.58.2"
curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VER}/trivy_${TRIVY_VER}_Linux-64bit.tar.gz" \
| tar -xz -C /usr/local/bin trivy
APP_VER=$(grep '^appVersion:' fleetdm-stack/Chart.yaml | awk '{print $2}' | tr -d '"')
OWNER=$(echo "${{ gitea.repository_owner }}" | tr '[:upper:]' '[:lower:]')
IMAGE="git.produktor.io/${OWNER}/flamingo-tech-test:${APP_VER}"
export TRIVY_USERNAME="${{ gitea.actor }}"
export TRIVY_PASSWORD="${{ secrets.REPO_TOKEN }}"
echo "Scanning ${IMAGE} for vulnerabilities..."
trivy image --severity HIGH,CRITICAL --exit-code 0 "${IMAGE}"
- name: Create tag
run: |
git config user.name "Gitea Actions"