fix code scan with podman socket

jiridanek · Jun 28, 2024 · c00223c · c00223c
1 parent 86ffa65
commit c00223c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/.github/workflows/notebook_controller_integration_test.yaml b/.github/workflows/notebook_controller_integration_test.yaml
@@ -40,6 +40,8 @@ jobs:
           systemctl --user daemon-reload
           systemctl --user start podman.socket
 
+          echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:

diff --git a/.github/workflows/odh_notebook_controller_integration_test.yaml b/.github/workflows/odh_notebook_controller_integration_test.yaml
@@ -41,6 +41,8 @@ jobs:
           systemctl --user daemon-reload
           systemctl --user start podman.socket
 
+          echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:

diff --git a/testing/gha_run_trivy_scan.sh b/testing/gha_run_trivy_scan.sh
@@ -74,11 +74,13 @@ EOF
 
 echo "[INFO] running Trivy ${TRIVY_VERSION}"
 podman run --rm \
+    -v ${PODMAN_SOCK}:/var/run/docker.sock \
     -v ${REPORT_FOLDER}:/report \
     docker.io/aquasec/trivy:${TRIVY_VERSION} \
       image \
       --scanners vuln,secret \
-      --exit-code 0 --timeout 30m \
+      --exit-code 0 \
+      --timeout 30m \
       --severity CRITICAL,HIGH \
       --format template --template "@/report/$REPORT_TEMPLATE" -o /report/${REPORT_FILE} \
       ${IMAGE_NAME}