From 36bcac00ab85d4f0c6fccfeebb7ceb652eebeb51 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Wed, 13 Nov 2024 23:30:24 +0100
Subject: [PATCH] ci: add read-only pull secret to security build

---
 .woodpecker/build-container.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index 4cb58e1..59beee4 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -12,6 +12,8 @@ steps:
       containerfile: Containerfile.multiarch
       output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
       repo: ${CI_REPO}
+      registry_config:
+        from_secret: DOCKER_REGISTRY_CONFIG_PULL
 
   - name: security-scan
     image: docker.io/aquasec/trivy
@@ -49,7 +51,7 @@ steps:
           - ${CI_REPO_DEFAULT_BRANCH}
 
   - name: publish-quay
-    image: quay.io/thegeeklab/wp-docker-buildx:5.0.6
+    image: quay.io/thegeeklab/wp-docker-buildx:5
     depends_on: [security-scan]
     settings:
       auto_tag: true