fix image_scan.sh script and download trivy version (k3s-io#7950)
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 58a8deb)
osodracnai committed Jul 13, 2023
1 parent 807d800 commit fa74ec1
Showing 2 changed files with 20 additions and 14 deletions.
30 changes: 18 additions & 12 deletions Dockerfile.dapper
@@ -19,19 +19,25 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c

RUN python3 -m pip install awscli

RUN if [ "$(go env GOARCH)" = "arm64" ]; then \
wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-ARM64.tar.gz && \
tar -zxvf trivy_0.25.3_Linux-ARM64.tar.gz && \
mv trivy /usr/local/bin; \
elif [ "$(go env GOARCH)" = "arm" ]; then \
wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-ARM.tar.gz && \
tar -zxvf trivy_0.25.3_Linux-ARM.tar.gz && \
mv trivy /usr/local/bin; \
elif [ "$(go env GOARCH)" = "amd64" ]; then \
wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-64bit.tar.gz && \
tar -zxvf trivy_0.25.3_Linux-64bit.tar.gz && \
mv trivy /usr/local/bin; \
RUN TRIVY_VERSION="0.43.1" && \
if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
if [ "$(go env GOARCH)" = "arm64" ]; then \
# Turn arm64 into uppercase ARM64 for Trivy's download
TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
mv trivy /usr/local/bin; \
elif [ "$(go env GOARCH)" = "amd64" ]; then \
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
mv trivy /usr/local/bin; \
elif [ "$(go env GOARCH)" = "s390x" ]; then \
wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
mv trivy /usr/local/bin; \
fi \
fi

# this works for both go 1.17 and 1.18
RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.8.2
RUN rm -rf /go/src /go/pkg
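Review bot: All three download branches of the new `RUN` block (arm64, amd64, s390x) fetch the Trivy tarball with `wget`, extract it and move the binary into `/usr/local/bin` with no integrity check, so the scanner binary is trusted on the HTTPS download alone. Pinning a per-architecture SHA-256 next to `TRIVY_VERSION` and checking it before `tar`, for example `echo "${TRIVY_SHA256}  trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" | sha256sum -c -` (`TRIVY_SHA256` is a placeholder name, not a variable from this commit), would make a replaced or corrupted release asset fail the build instead of being installed. The branches differ only in the archive suffix, so mapping `go env GOARCH` to that suffix once would leave a single download, verify and extract sequence to maintain. As far as the hunk shows, the tarball and the other extracted files are also left behind in the image layer; an `rm` after the `mv` would keep them out.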
4 changes: 2 additions & 2 deletions scripts/image_scan.sh
@@ -9,8 +9,8 @@ fi

ARCH=$2

# skipping image scan for s390x since trivy doesn't support s390x arch yet
if [ "${ARCH}" == "s390x" ]; then
# skipping image scan for 32 bits image since trivy dropped support for those https://github.com/aquasecurity/trivy/discussions/4789
if [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then
exit 0
fi

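Review bot: The new guard `if [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then` is true for every architecture except `386`, so the script reaches `exit 0` and skips the scan on amd64, arm64 and s390x too, while reporting success. The comment above it says only the 32-bit images should be skipped, which matches the `!= "arm"` / `!= "386"` pair guarding the Trivy install in Dockerfile.dapper in this same commit. The second test should therefore be an equality: `if [ "${ARCH}" = "arm" ] || [ "${ARCH}" = "386" ]; then`. Using one bracket form for both tests also avoids mixing `[[ ]]` and `[ ]` in a single condition. The rest of the script lies outside the hunk, so what runs after the guard is not visible here.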
