Skip to content

trigger_workflow

trigger_workflow #148

name: Clair in CI DB - test
# This workflow tests latest database version of clair-in-ci and
# pushes it to app-studio registry in case all tests passed
on:
repository_dispatch:
types: trigger_workflow
env:
REGISTRY: quay.io/redhat-appstudio
IMAGE_NAME: clair-in-ci
LATEST_TAG: latest
MAJOR_VERSION_TAG: v1
TO_TEST: ${{ github.event.client_payload.image_tag }} # required, fail if not specified
PR_EVENT: ${{ github.event.client_payload.pr_event }} # required, fail if not specified
jobs:
test-and-push:
name: Test and push image
runs-on: ubuntu-20.04
steps:
- name: Check required parameters
run: |
if [ -z "${{ env.TO_TEST }}" ] || [ -z "${{ env.PR_EVENT }}" ]; then
echo "Recieved: image-tag: ${{ env.TO_TEST }}, event: ${{ env.PR_EVENT }}. Did not recieve required parameters, cancelling the workflow."
exit 1
fi
- name: Log into registry ${{ env.REGISTRY }}
uses: redhat-actions/podman-login@v1
if: ${{ github.event.client_payload.pr_event != 'pull_request' }} # don't login from PR; secrets are not passed to PRs from fork
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.HACBS_TEST_QUAY_USER }}
password: ${{ secrets.HACBS_TEST_QUAY_TOKEN }}
- name: Get Clair version
run: |
podman run --rm -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TO_TEST }} clair-action --version
- name: Check Clair output format
run: |
# test real life usage of clair
mkdir results
podman run --rm -v $(pwd)/results:/results:rw -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TO_TEST }} bash -c 'clair-action report --image-ref=registry.access.redhat.com/ubi9-minimal --db-path=/tmp/matcher.db --format=quay > /results/clairdata.json'
# check if required metadata and path to values are the same as expected
jq -e '.data[].Features[0] | select(has("Name") and has("Vulnerabilities")) or error("Required keys do not exist")' results/clairdata.json
- name: Retag-and-push-to-${{ env.REGISTRY }}
if: ${{ github.event.client_payload.pr_event != 'pull_request' }} # don't push image from PR
id: push-image
run: |
skopeo copy --all docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TO_TEST }} docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
skopeo copy --all docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TO_TEST }} docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MAJOR_VERSION_TAG }}