
Commit abfdd2f

authored
New: [AEA-0000] - add zizmor and remove all trace of trivy (#68)
## Summary - Routine Change ### Details - add zizmor - remove all trace of trivy
1 parent bef1c5f commit abfdd2f


47 files changed

+37
-1713
lines changed


47 files changed

+37
-1713
lines changed

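--- a/.devcontainer/Dockerfile.bootstrap
+++ b/.devcontainer/Dockerfile.bootstrap
@@ -1,16 +1,3 @@
-# This can be used to bootstrap devcontainer when no images have been pushed
-FROM alpine:3.23.3 AS build
-ARG TARGETARCH
-RUN apk add --no-cache cosign bash curl jq
-COPY src/base/.devcontainer/scripts/install_trivy.sh /tmp/install_trivy.sh
-RUN case "${TARGETARCH}" in \
-x86_64|amd64) TRIVY_ARCH=64bit ;; \
-aarch64|arm64) TRIVY_ARCH=ARM64 ;; \
-*) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
-esac \
-&& INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh
-
-
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
@@ -75,8 +62,6 @@ RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
 chmod 755 /usr/share/secrets-scanner && \
 curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
 
-COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy
-
 USER vscode
 
 ENV PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"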

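--- a/.github/workflows/build_multi_arch_image.yml
+++ b/.github/workflows/build_multi_arch_image.yml
@@ -63,13 +63,6 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 with:
 fetch-depth: 0
-# - name: setup trivy
-# run: |
-# mkdir -p "$RUNNER_TEMP/bin"
-# docker build --output="$RUNNER_TEMP/bin" -f "src/base/.devcontainer/Dockerfile.trivy.${ARCH}" .
-# echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH"
-# env:
-# ARCH: '${{ matrix.arch }}'
 - name: setup node
 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
 with: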

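--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,4 @@ src/base/.devcontainer/language_versions/
 .trivyignore_combined.yaml
 .out/
 .envrc
-.trivy_out/
+.grype_out/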
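Review bot: The context entry `.trivyignore_combined.yaml` is still ignored after this hunk, even though the commit sets out to remove all trace of trivy and swaps `.trivy_out/` for `.grype_out/`. If nothing generates that file any more, the entry should be dropped so the ignore list matches the scanners actually in use. If the replacement scanner now produces its own combined ignore file, that file probably needs an entry here instead, so locally accepted findings are not committed by accident. Part of this commit is hidden on the page, so whether a generator for the old file remains cannot be confirmed from the visible sections.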
