From 243c066ccd985eccec34cc66b28dac848eaabeec Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Thu, 14 Nov 2024 21:10:01 +0100
Subject: [PATCH] ci: add read-only pull secret to security build

---
 .woodpecker/build-container.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index 5cdde35..c3ece77 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -13,6 +13,8 @@ steps:
       output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
       repo: thegeeklab/${CI_REPO_NAME}
       cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
+      registry_config:
+        from_secret: DOCKER_REGISTRY_CONFIG_PULL
 
   - name: security-scan
     image: docker.io/aquasec/trivy