mirror of https://github.com/k3s-io/k3s.git
fix image_scan.sh script and download trivy version (#7950)
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
This commit is contained in:
parent
3eb4e12c3b
commit
58a8deb25d
|
@ -19,17 +19,23 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c
|
|||
|
||||
RUN python3 -m pip install awscli
|
||||
|
||||
RUN TRIVY_VERSION="0.42.0" && \
|
||||
if [ "$(go env GOARCH)" = "arm64" ] || [ "$(go env GOARCH)" = "arm" ]; then \
|
||||
# Turn arm64 and arm into uppercase ARM64 and ARM, respectively, for Trivy's download
|
||||
TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
|
||||
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
|
||||
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
|
||||
mv trivy /usr/local/bin; \
|
||||
elif [ "$(go env GOARCH)" = "amd64" ]; then \
|
||||
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
||||
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
||||
mv trivy /usr/local/bin; \
|
||||
RUN TRIVY_VERSION="0.43.1" && \
|
||||
if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
|
||||
if [ "$(go env GOARCH)" = "arm64" ]; then \
|
||||
# Turn arm64 into uppercase ARM64 for Trivy's download
|
||||
TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
|
||||
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
|
||||
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
|
||||
mv trivy /usr/local/bin; \
|
||||
elif [ "$(go env GOARCH)" = "amd64" ]; then \
|
||||
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
||||
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
||||
mv trivy /usr/local/bin; \
|
||||
elif [ "$(go env GOARCH)" = "s390x" ]; then \
|
||||
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
|
||||
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
|
||||
mv trivy /usr/local/bin; \
|
||||
fi \
|
||||
fi
|
||||
|
||||
# this works for both go 1.17 and 1.18
|
||||
|
|
|
@ -9,8 +9,8 @@ fi
|
|||
|
||||
ARCH=$2
|
||||
|
||||
# skipping image scan for s390x since trivy doesn't support s390x arch yet
|
||||
if [ "${ARCH}" == "s390x" ]; then
|
||||
# skipping image scan for 32 bits image since trivy dropped support for those https://github.com/aquasecurity/trivy/discussions/4789
|
||||
if [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in New Issue