opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-03 03:13:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Nightly builds: Add missing volumes for nightly builds (#74195)

Browse Source 
Add missing volumes
This commit is contained in:
Dimitris Sotirakis
2023-09-01 13:31:28 +03:00
committed by GitHub
parent 76d9f46edb
commit dd2520ece0
2 changed files with 66 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
.drone.yml
View File

@ -4177,7 +4177,7 @@ steps:
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
@ -4185,15 +4185,22 @@ steps:
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
@ -4211,6 +4218,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
@ -4233,7 +4242,7 @@ steps:
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
@ -4241,15 +4250,22 @@ steps:
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
@ -4267,6 +4283,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
@ -4289,7 +4307,7 @@ steps:
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
@ -4297,15 +4315,22 @@ steps:
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
@ -4324,6 +4349,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
@ -4346,7 +4373,7 @@ steps:
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
@ -4354,15 +4381,22 @@ steps:
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
@ -4381,6 +4415,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
@ -4429,6 +4465,8 @@ steps:
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL google/cloud-sdk:431.0.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/build-container:1.7.5
@ -4451,11 +4489,16 @@ steps:
- trivy --exit-code 1 --severity HIGH,CRITICAL us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
@ -4473,6 +4516,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
@ -4508,6 +4553,8 @@ volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
get:
name: credentials.json
@ -4682,8 +4729,3 @@ get:
path: secret/data/common/gcr
kind: secret
name: gcr_credentials
---
kind: signature
hmac: 25fbe6d5a41fe21f21031c5faa74aa8603e4d01f93ea203c9e17e19a881b2874
...

15
scripts/drone/events/cron.star
View File

@ -59,6 +59,10 @@ def cron_job_pipeline(cronName, name, steps):
"path": "/var/run/docker.sock",
},
},
{
"name": "config",
"temp": {},
},
],
}
@ -117,13 +121,13 @@ def scan_docker_image_unknown_low_medium_vulnerabilities_step(docker_image):
for key in images:
cmds = cmds + ["trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM " + images[key]]
else:
cmds = ["trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM " + docker_image]
cmds = ["trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM " + docker_image]
return {
"name": "scan-unknown-low-medium-vulnerabilities",
"image": aquasec_trivy_image,
"commands": cmds,
"depends_on": ["authenticate-gcr"],
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}, {"name": "config", "path": "/root/.docker/"}],
}
def scan_docker_image_high_critical_vulnerabilities_step(docker_image):
@ -141,13 +145,16 @@ def scan_docker_image_high_critical_vulnerabilities_step(docker_image):
for key in images:
cmds = cmds + ["trivy --exit-code 1 --severity HIGH,CRITICAL " + images[key]]
else:
cmds = ["trivy --exit-code 1 --severity HIGH,CRITICAL " + docker_image]
cmds = ["trivy image --exit-code 1 --severity HIGH,CRITICAL " + docker_image]
return {
"name": "scan-high-critical-vulnerabilities",
"image": aquasec_trivy_image,
"commands": cmds,
"depends_on": ["authenticate-gcr"],
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
"environment": {
"GOOGLE_APPLICATION_CREDENTIALS": from_secret("gcr_credentials_json"),
},
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}, {"name": "config", "path": "/root/.docker/"}],
}
def slack_job_failed_step(channel, image):