add options of dependencies

aquasecurity · Feb 18, 2025 · 110eae5 · 110eae5
2 parents 985d26b + 55462b6
commit 110eae5
Show file tree

Hide file tree

Showing 5 changed files with 172 additions and 128 deletions.
diff --git a/.github/plugin_template.yaml b/.github/plugin_template.yaml
@@ -1,8 +1,9 @@
 name: "aqua"
 repository: github.com/aquasecurity/trivy-plugin-aqua
 version: "PLACEHOLDERVERSION"
-usage: trivy aqua <srcPath>
-description: A Trivy plugin that sends results to Aqua.
+maintainer: aquasecurity
+summary: Send results to Aqua Security
+description: A plugin for integration with Aqua Security SaaS platform
 platforms:
   - selector: # optional
       os: linux

diff --git a/.github/workflows/create-pr.yml b/.github/workflows/create-pr.yml
@@ -9,31 +9,20 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: actions/checkout@v3
       - name: Update plugin Links
         run: |
           sed  -e "s/PLACEHOLDERVERSION/${{github.ref_name}}/g" .github/plugin_template.yaml > plugin.yaml
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v7
         with:
-          token: ${{ secrets.PR_CREATION_TOKEN }}
           branch: "update-plugin-links-${{github.ref_name}}"
-          title: "Update Plugin Artifacts Links for ${{github.ref_name}}"     
           base: master
+          title: "Update Plugin Artifacts Links for ${{github.ref_name}}"     
           add-paths: |
             plugin.yaml
-      - name: Send Slack message (Workflow)
-        id: slack
-        uses: slackapi/slack-github-action@v1.21.0
-        with:
-          payload: |
-            {
-              "link": "${{ steps.cpr.outputs.pull-request-url }}"
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.CODE_TEAM_SLACK_WEBHOOK }}
-      - name: Send Teams message
-        run: |
-          curl -H "Content-Type: application/json" -d '{"text": "New pull request opened: '${{ steps.cpr.outputs.pull-request-url }}'"}' ${{ secrets.TEAMS_WEBHOOK_URL }}
diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
@@ -1,7 +1,7 @@
 name: update docker images
 on:
   pull_request:
-    branches: 
+    branches:
       - master
     types:
       - closed
@@ -10,47 +10,53 @@ on:
       - README-dockerhub.md
 
 jobs:
-  Update-images:
+  update-latest-version:
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout target branch
-      uses: actions/checkout@v2
-      with:
-        ref: ${{ github.event.pull_request.base.ref }}
-    - name: Login to docker.io registry
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.ARGON_DOCKERHUB_USER }}
-        password: ${{ secrets.ARGON_DOCKERHUB_TOKEN }}
-    - name: Extract version
-      run: "echo \"new_version=$(grep 'version: ' plugin.yaml | cut -d '\"' -f2)\" >> $GITHUB_ENV"
-    - name: Change image versions to latest
-      run: |
-        docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64
-        docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64 aquasec/aqua-scanner:latest-amd64
-        docker push aquasec/aqua-scanner:latest-amd64
-        
-        docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64
-        docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64 aquasec/aqua-scanner:latest-arm64
-        docker push aquasec/aqua-scanner:latest-arm64
-        
-        #docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited
-        #docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited aquasec/aqua-scanner:latest-amd64-limited
-        #docker push aquasec/aqua-scanner:latest-amd64-limited
-        
-        #docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited
-        #docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited aquasec/aqua-scanner:latest-arm64-limited
-        #docker push aquasec/aqua-scanner:latest-arm64-limited
-        docker manifest create aquasec/aqua-scanner:latest aquasec/aqua-scanner:latest-amd64 aquasec/aqua-scanner:latest-arm64
-        docker manifest push aquasec/aqua-scanner:latest
-        
-        #docker manifest create aquasec/aqua-scanner:latest-limited aquasec/aqua-scanner:latest-amd64-limited aquasec/aqua-scanner:latest-arm64-limited
-        #docker manifest push aquasec/aqua-scanner:latest-limited
-    - name: DockerHub description update
-      uses: peter-evans/dockerhub-description@v3
-      with:
-        username: ${{ secrets.ARGON_DOCKERHUB_USER }}
-        password: ${{ secrets.ARGON_DOCKERHUB_TOKEN }}
-        repository: aquasec/aqua-scanner
-        readme-filepath: ./README-dockerhub.md
+      - name: Checkout target branch
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.base.ref }}
+      - name: Login to docker.io registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.ARGON_DOCKERHUB_USER }}
+          password: ${{ secrets.ARGON_DOCKERHUB_TOKEN }}
+      - name: Extract version
+        run: 'echo "new_version=$(grep ''version: '' plugin.yaml | cut -d ''"'' -f2)" >> $GITHUB_ENV'
+      - name: Change image versions to latest
+        run: |
+          docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64
+          docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64 aquasec/aqua-scanner:latest-amd64
+          docker push aquasec/aqua-scanner:latest-amd64
+
+          docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64
+          docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64 aquasec/aqua-scanner:latest-arm64
+          docker push aquasec/aqua-scanner:latest-arm64
+
+          docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited
+          docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited aquasec/aqua-scanner:latest-amd64-limited
+          docker push aquasec/aqua-scanner:latest-amd64-limited
+
+          docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited
+          docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited aquasec/aqua-scanner:latest-arm64-limited
+          docker push aquasec/aqua-scanner:latest-arm64-limited
+          docker manifest create aquasec/aqua-scanner:latest aquasec/aqua-scanner:latest-amd64 aquasec/aqua-scanner:latest-arm64
+          docker manifest push aquasec/aqua-scanner:latest
+
+          docker manifest create aquasec/aqua-scanner:latest-limited aquasec/aqua-scanner:latest-amd64-limited aquasec/aqua-scanner:latest-arm64-limited
+          docker manifest push aquasec/aqua-scanner:latest-limited
+      - name: DockerHub description update
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.ARGON_DOCKERHUB_USER }}
+          password: ${{ secrets.ARGON_DOCKERHUB_TOKEN }}
+          repository: aquasec/aqua-scanner
+          readme-filepath: ./README-dockerhub.md
+      - name: Update tag to latest
+        uses: richardsimko/update-tag@e173a8ef8f54ab526a91dad6139a25efed62424c # v1.0.11
+        with:
+          tag_name: ${{ env.new_version }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.UPDATE_TAG_GH_TOKEN }}
diff --git a/.github/workflows/retag-latest-version.yml b/.github/workflows/retag-latest-version.yml
@@ -0,0 +1,40 @@
+name: Re-tag latest version
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Version to re-tag"
+        required: true
+
+jobs:
+  Update-images:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to docker.io registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.ARGON_DOCKERHUB_USER }}
+          password: ${{ secrets.ARGON_DOCKERHUB_TOKEN }}
+      - name: Change image versions to latest
+        run: |
+          docker pull aquasec/aqua-scanner:${{ inputs.version }}-amd64
+          docker tag aquasec/aqua-scanner:${{ inputs.version }}-amd64 aquasec/aqua-scanner:latest-amd64
+          docker push aquasec/aqua-scanner:latest-amd64
+
+          docker pull aquasec/aqua-scanner:${{ inputs.version }}-arm64
+          docker tag aquasec/aqua-scanner:${{ inputs.version }}-arm64 aquasec/aqua-scanner:latest-arm64
+          docker push aquasec/aqua-scanner:latest-arm64
+
+          docker pull aquasec/aqua-scanner:${{ inputs.version }}-amd64-limited
+          docker tag aquasec/aqua-scanner:${{ inputs.version }}-amd64-limited aquasec/aqua-scanner:latest-amd64-limited
+          docker push aquasec/aqua-scanner:latest-amd64-limited
+
+          docker pull aquasec/aqua-scanner:${{ inputs.version }}-arm64-limited
+          docker tag aquasec/aqua-scanner:${{ inputs.version }}-arm64-limited aquasec/aqua-scanner:latest-arm64-limited
+          docker push aquasec/aqua-scanner:latest-arm64-limited
+          
+          docker manifest create aquasec/aqua-scanner:latest aquasec/aqua-scanner:latest-amd64 aquasec/aqua-scanner:latest-arm64
+          docker manifest push aquasec/aqua-scanner:latest
+
+          docker manifest create aquasec/aqua-scanner:latest-limited aquasec/aqua-scanner:latest-amd64-limited aquasec/aqua-scanner:latest-arm64-limited
+          docker manifest push aquasec/aqua-scanner:latest-limited