src/acrcssc/azext_acrcssc/templates/task/cssc_scan_image.yaml
+8-3Lines changed: 8 additions & 3 deletions
@@ -3,7 +3,7 @@ alias:
3
3
values:
4
4
patchimagetask: cssc-patch-image
5
5
DATE: $(date "+%Y-%m-%d")
6
-
cssc : mcr.microsoft.com/acr/cssc:cbcf692
6
+
cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
7
7
steps:
8
8
- id: print-inputs
9
9
cmd: |
@@ -45,10 +45,15 @@ steps:
45
45
if [ "$eoslValue" = "true" ]; then \
46
46
echo "PATCHING will be skipped as EOSL is $eoslValue for image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}"; \
47
47
elif [ $vulCount -gt 0 ]; then \
48
+
RegistryBaseName={{.Run.Registry}}
49
+
if [[ $RegistryBaseName == *-* ]]; then
50
+
RegistryBaseName="${RegistryBaseName%%-*}"
51
+
echo "DNL registry name detected, readjusting RegistryBaseName to $RegistryBaseName for task scheduling"
52
+
fi
48
53
az login --identity --allow-no-subscriptions; \
49
54
echo "Total OS vulnerabilities found -> $vulCount"; \
50
-
echo "PATCHING task scheduled for image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}, new patch tag will be {{.Values.SOURCE_IMAGE_ORIGINAL_TAG}}-{{.Values.SOURCE_IMAGE_NEWPATCH_TAG}}"; \
51
-
az acr task run --name $patchimagetask --registry $RegistryName --set SOURCE_REPOSITORY={{.Values.SOURCE_REPOSITORY}} --set SOURCE_IMAGE_TAG={{.Values.SOURCE_IMAGE_ORIGINAL_TAG}} --set SOURCE_IMAGE_NEWPATCH_TAG={{.Values.SOURCE_IMAGE_NEWPATCH_TAG}} --no-wait; \
55
+
echo "PATCHING task scheduled for image ${RegistryBaseName}/{{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}, new patch tag will be {{.Values.SOURCE_IMAGE_ORIGINAL_TAG}}-{{.Values.SOURCE_IMAGE_NEWPATCH_TAG}}"; \
56
+
az acr task run --name $patchimagetask --registry $RegistryBaseName --set SOURCE_REPOSITORY={{.Values.SOURCE_REPOSITORY}} --set SOURCE_IMAGE_TAG={{.Values.SOURCE_IMAGE_ORIGINAL_TAG}} --set SOURCE_IMAGE_NEWPATCH_TAG={{.Values.SOURCE_IMAGE_NEWPATCH_TAG}} --no-wait; \
52
57
else \
53
58
echo "PATCHING will be skipped as no vulnerability found in the image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}"; \
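--- a/src/acrcssc/azext_acrcssc/templates/task/cssc_trigger_workflow.yaml
+++ b/src/acrcssc/azext_acrcssc/templates/task/cssc_trigger_workflow.yaml
@@ -2,7 +2,7 @@ version: v1.1.0
 alias:
 values:
 ScanImageAndSchedulePatchTask: cssc-scan-image
-cssc : mcr.microsoft.com/acr/cssc:cbcf692
+cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
 maxLimit: 100
 steps:
 - cmd: bash -c 'echo "Inside cssc-trigger-workflow task, getting list of images to be patched based on --filter-policy for Registry {{.Run.Registry}}."'
@@ -28,10 +28,14 @@ steps:
 timeout: 1800
 cmd: |
 az -c '
-counter=0; \
-batchSize=10; \
-sleepDuration=30; \
-RegistryName={{.Run.Registry}}; \
+counter=0
+batchSize=10
+sleepDuration=30
+RegistryBaseName={{.Run.Registry}}
+if [[ $RegistryBaseName == *-* ]]; then
+RegistryBaseName="${RegistryBaseName%%-*}"
+echo "DNL registry name detected, readjusting RegistryBaseName to $RegistryBaseName for task scheduling"
+fi
 while read line;do \
 IFS=',' read -r -a array <<< "${line}"
 RepoName=${array[0]}
@@ -44,15 +48,14 @@ steps:
 else
 IncrementedTagNumber="1"
 fi
-
 if [ $TagName == "N/A" ]; then
 TagName=$OriginalTag
 elif [[ $TagName =~ -([0-9]{1,3})$ ]]; then
 TagNumber=${BASH_REMATCH[1]}
 IncrementedTagNumber=$((TagNumber+1))
 fi
-echo "Scheduling $ScanImageAndSchedulePatchTask for $RegistryName/$RepoName, Tag:$TagName, OriginalTag:$OriginalTag, PatchTag:$OriginalTag-$IncrementedTagNumber"; \
-az acr task run --name $ScanImageAndSchedulePatchTask --registry $RegistryName --set SOURCE_REPOSITORY=$RepoName --set SOURCE_IMAGE_TAG=$TagName --set SOURCE_IMAGE_ORIGINAL_TAG=$OriginalTag --set SOURCE_IMAGE_NEWPATCH_TAG=$IncrementedTagNumber --no-wait; \
+echo "Scheduling $ScanImageAndSchedulePatchTask for ${RegistryBaseName}/$RepoName, Tag:$TagName, OriginalTag:$OriginalTag, PatchTag:$OriginalTag-$IncrementedTagNumber"; \
+az acr task run --name $ScanImageAndSchedulePatchTask --registry $RegistryBaseName --set SOURCE_REPOSITORY=$RepoName --set SOURCE_IMAGE_TAG=$TagName --set SOURCE_IMAGE_ORIGINAL_TAG=$OriginalTag --set SOURCE_IMAGE_NEWPATCH_TAG=$IncrementedTagNumber --no-wait; \
 counter=$((counter+1)); \
 if [ $((counter%batchSize)) -eq 0 ]; then \
 echo "Waiting for $sleepDuration seconds before scheduling scans for next batch of images"; \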
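Review bot: The rewritten `az acr task run` line passes `$RegistryBaseName`, `$RepoName`, `$TagName`, `$OriginalTag` and `$IncrementedTagNumber` unquoted, although the repository name is data taken from each line the loop reads (`RepoName=${array[0]}`) and the tag values presumably come from the same input. Quote every expansion so whitespace or a glob character in a value cannot add or change arguments of the `az` call: `--registry "$RegistryBaseName" --set SOURCE_REPOSITORY="$RepoName" --set SOURCE_IMAGE_TAG="$TagName"`, and likewise for the other two `--set` values. The same applies to `--registry $RegistryBaseName` on the matching new line in cssc_scan_image.yaml. The new `RegistryBaseName` block cuts at the first `-`, which presumably also drops the domain suffix, so the variable holds a bare name in the DNL case and the full rendered `{{.Run.Registry}}` value otherwise; a one-line comment such as `# --registry accepts either the bare name or the login server; DNL names carry a -<hash> suffix that must be removed` would record that intent. The `while` loop starts and ends outside the hunks shown.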