fix docker build for scanning

Signed-off-by: kpango <[email protected]>
vdaas · Dec 9, 2023 · e8b6f1f · e8b6f1f
1 parent 84d2ab1
commit e8b6f1f
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 24 deletions.
diff --git a/.github/workflows/_docker-image-scan.yaml b/.github/workflows/_docker-image-scan.yaml
@@ -21,28 +21,30 @@ on:
         type: string
         description: "Build target. e.g. `agent-ngt`"
         required: true
-
 jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
       - name: Set Git config
         run: |
           git config --global --add safe.directory ${GITHUB_WORKSPACE}
-
       - name: Build the Docker image
         id: build_image
         run: |
-          make docker/build/${TARGET}
+          make \
+            REMOTE="false" \
+            DOCKER="docker" \
+            DOCKER_OPTS="${LABEL_OPTS}  --label org.opencontainers.image.version=${PRIMARY_TAG} --label org.opencontainers.image.title=${TARGET}" \
+            TAG="${PRIMARY_TAG}" \
+            docker/build/${TARGET}
           imagename=`make docker/name/${TARGET}`
-          docker tag ${imagename} ${imagename}:${{ github.sha }}
           echo "IMAGE_NAME=${imagename}" >> $GITHUB_OUTPUT
         env:
           DOCKER_BUILDKIT: 1
           TARGET: ${{ inputs.target }}
-
+          LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}"
+          PRIMARY_TAG: ${{ github.sha }}
       - name: Scan the Docker image
         uses: ./.github/actions/scan-docker-image
         with:

diff --git a/.github/workflows/dockers-image-scan.yml b/.github/workflows/dockers-image-scan.yml
@@ -17,54 +17,68 @@ name: "Docker image scanning"
 on:
   schedule:
     - cron: "0 1 * * *"
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref != 'refs/heads/main' && github.ref || github.sha }}-${{ github.event_name }}
   cancel-in-progress: true
-
 jobs:
   dump-contexts-to-log:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/dump-context
-
   agent-ngt:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
       target: agent-ngt
-
   agent-sidecar:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
       target: agent-sidecar
-
+  ci-container:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: ci-container
+  dev-container:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: dev-container
   discoverer-k8s:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
       target: discoverer-k8s
-
-  manager-index:
+  gateway-lb:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
-      target: manager-index
-
-  operator-helm:
+      target: gateway-lb
+  gateway-filter:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
-      target: operator/helm
-
+      target: gateway-filter
+  index-correction:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: index-correction
+  index-creation:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: index-creation
+  index-save:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: index-save
   loadtest:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
       target: loadtest
-
-  gateway-lb:
+  manager-index:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
-      target: gateway-lb
-
-  gateway-filter:
+      target: manager-index
+  operator-helm:
     uses: ./.github/workflows/_docker-image-scan.yaml
     with:
-      target: gateway-filter
+      target: operator/helm
+  readreplica-rotate:
+    uses: ./.github/workflows/_docker-image-scan.yaml
+    with:
+      target: readreplica-rotate