github/wp-docker-buildx
0
0
Fork 0
mirror of https://github.com/thegeeklab/wp-docker-buildx.git synced 2024-11-22 00:00:40 +00:00
Code Issues Releases Activity

ci: add read-only pull secret to security build

Browse Source
This commit is contained in:
Robert Kaussow 2024-11-13 23:30:24 +01:00
parent 13f95c9b14
commit 36bcac00ab
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.woodpecker/build-container.yml
View File

@ -12,6 +12,8 @@ steps:
containerfile: Containerfile.multiarch containerfile: Containerfile.multiarch
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
repo: ${CI_REPO} repo: ${CI_REPO}
registry_config:
from_secret: DOCKER_REGISTRY_CONFIG_PULL
- name: security-scan - name: security-scan
image: docker.io/aquasec/trivy image: docker.io/aquasec/trivy
@ -49,7 +51,7 @@ steps:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
- name: publish-quay - name: publish-quay
image: quay.io/thegeeklab/wp-docker-buildx:5.0.6 image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: [security-scan] depends_on: [security-scan]
settings: settings:
auto_tag: true auto_tag: true