From 77c5df06971c7ec5d355879ac4d9434e5f7fc2cb Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Mon, 3 Feb 2025 14:21:41 +0100
Subject: [PATCH] sbom in ci
---
 .woodpecker.yml | 40 ++++++++++++++++++++++++++++++++--------
 queries/saerbeck.sql | 1 +
 2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index c53d46b..6a22230 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -14,15 +14,39 @@ steps:
 when:
 - event: [push, tag]
+ scan:
+ image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ environment:
+ TRIVY_TOKEN:
+ from_secret: trivy_token
+ TRIVY_URL:
+ from_secret: trivy_url
+ DTRACK_API_KEY:
+ from_secret: dtrack_api_key
+ DTRACK_API_URL:
+ from_secret: dtrack_api_url
+ commands:
+ - trivy fs --server $TRIVY_URL --token $TRIVY_TOKEN --format cyclonedx -o /tmp/sbom.xml .
+ - curl -X "POST" \
+ -H "Content-Type: multipart/form-data" \
+ -H "X-Api-Key: $DTRACK_API_KEY" \
+ -F "autoCreate=true" \
+ -F "projectName=$CI_REPO" \
+ -F "projectVersion=$CI_COMMIT_SHA" \
+ -F "bom=@/tmp/sbom.xml"\
+ "$DTRACK_API_URL/api/v1/bom"
+ when:
+ - event: [push, tag]
+
 deploy:
- image: portainer/kubectl-shell:latest
- secrets:
- - source: kube_config
- target: KUBE_CONFIG_CONTENT
- - source: encryption_key
- target: ENCRYPTION_KEY
- - source: secrets_checksum
- target: MD5_CHECKSUM
+ image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ environment:
+ KUBE_CONFIG_CONTENT:
+ from_secret: kube_config
+ ENCRYPTION_KEY:
+ from_secret: encryption_key
+ MD5_CHECKSUM:
+ from_secret: secrets_checksum
 commands:
 - export IMAGE_TAG=$CI_COMMIT_TAG
 - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
diff --git a/queries/saerbeck.sql b/queries/saerbeck.sql
index e9d05ab..a953016 100644
--- a/queries/saerbeck.sql
+++ b/queries/saerbeck.sql
@@ -41,3 +41,4 @@ create or replace view cubecell_threeway_battery_v as
 from measurements
 where application = 'de-hottis-saerbeck-monitoring'
 and device = 'eui-70b3d57ed0068fa4';
+
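Review bot: The BOM upload in the new `scan` step of `.woodpecker.yml` appears to be a plain multi-line YAML scalar (`- curl -X "POST" \` with no `|` indicator, as far as the collapsed hunk shows), so the `: ` inside `"Content-Type: multipart/form-data"` is likely to be rejected by the parser, and if it did parse, folding would turn each trailing `\` into an escaped space instead of a line continuation. A literal block keeps the continuations intact, and the `"bom=@/tmp/sbom.xml"\` line should get a space before its backslash. The call should also carry `--fail`, because without it an HTTP error from the BOM endpoint leaves the step green and the SBOM silently missing. Separately, `--token $TRIVY_TOKEN` puts the secret on the command line; Trivy reads `TRIVY_TOKEN` from the environment, which this step already sets, so the flag can probably be dropped. The `deploy` step's command list continues beyond the end of the hunk and was not reviewed.

```yaml
    commands:
      # … unchanged: trivy fs SBOM generation …
      - |
        curl --fail --silent --show-error -X POST \
          -H "Content-Type: multipart/form-data" \
          -H "X-Api-Key: $DTRACK_API_KEY" \
          -F "autoCreate=true" \
          -F "projectName=$CI_REPO" \
          -F "projectVersion=$CI_COMMIT_SHA" \
          -F "bom=@/tmp/sbom.xml" \
          "$DTRACK_API_URL/api/v1/bom"
```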