From 5e91f28fa85059531c3c1816c7f8ec2cb8586dcb Mon Sep 17 00:00:00 2001
From: Derek Nola
Date: Wed, 11 Sep 2024 11:55:07 -0700
Subject: [PATCH] x
Signed-off-by: Derek Nola
---
 .github/workflows/trivy.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index dc178918fd..51d9632473 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -33,16 +33,17 @@ jobs:
 - name: Build RKE2 Image
 run: SKIP_WINDOWS=true make build-image-runtime
- - name: Save Newest Tag
+ - name: Save Runtime Tag
+ id: rke2-tag
 run: |
 docker images --format "{{.Repository}}:{{.Tag}} {{.CreatedAt}}"
- NEWEST_TAG=$(docker images --format "{{.Repository}}:{{.Tag}} {{.CreatedAt}}" | grep "rancher/rke2-runtime" | sort -k2 -r | head -n1 | awk '{print $1}')
- echo "{NEWEST_TAG}={$NEWEST_TAG}" >> "$GITHUB_ENV"
+ TAG=$(docker images --format "{{.Repository}}:{{.Tag}} {{.CreatedAt}}" | grep "rancher/rke2-runtime" | sort -k2 -r | head -n1 | awk '{print $1}')
+ echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.24.0
 with:
- image-ref: 'rancher/rke2-runtime:${{ env.NEWEST_TAG }}'
+ image-ref: 'rancher/rke2-runtime:${{ steps.rke2-tag.outputs.TAG }}'
 format: 'table'
 severity: "HIGH,CRITICAL"
 output: "trivy-report.txt"
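Review bot: The `image-ref` in the Trivy step will expand to a doubled repository name, because `TAG` is the first field of `{{.Repository}}:{{.Tag}} {{.CreatedAt}}` and so already holds `rancher/rke2-runtime:<tag>`, which is then appended to the literal `rancher/rke2-runtime:` prefix. Either pass the output through unchanged, `image-ref: '${{ steps.rke2-tag.outputs.TAG }}'`, or have the step emit only the tag portion. The step also writes an empty `TAG` when no `rancher/rke2-runtime` image is listed, since the pipeline's exit status is that of `awk` unless pipefail is in effect. A guard such as `[ -n "$TAG" ] || { echo "no rke2-runtime image found" >&2; exit 1; }` before the `echo` would make the scan job fail loudly instead of running against a malformed reference.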