dont error on scan

farmersdog · Jun 14, 2024 · 990f9f5 · 990f9f5
1 parent 5977ddf
commit 990f9f5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -28,7 +28,7 @@ jobs:
         run: make images
   scan:
     needs: [ "build" ]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
@@ -44,17 +44,14 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'k8s-wait-for:latest'
-          exit-code: 1
           format: 'sarif'
           output: 'trivy-results-root.sarif'
           skip-files: /usr/local/bin/kubectl
       - name: Run Trivy Vulnerability Scanner for Non-Root Image
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'k8s-wait-for:no-root-latest'
-          exit-code: 1
-          format: 'sarif'
-          output: 'trivy-results-non-root.sarif'
+          format: 'table'
           skip-files: /usr/local/bin/kubectl
       # just upload root scan results
       - name: Upload Trivy Scan Results to GitHub Security Tab
@@ -65,7 +62,7 @@ jobs:
 
   deploy:
     needs: [ "scan" ]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     if: github.event_name == 'release' && github.event.action == 'created'
     steps:
       - name: Login to Docker Hub

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
-FROM alpine:3.20.0
+FROM alpine:3.20
 
 ENV KUBE_LATEST_VERSION="v1.28.0"
 ENV TARGETARCH="amd64"
 
 RUN apk add --update --no-cache curl jq \
-    && curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/$TARGETARCH/kubectl -o /usr/local/bin/kubectl \
+    && curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
     && chmod +x /usr/local/bin/kubectl
 
 # Replace for non-root version