all phases complete!
This commit is contained in:
@@ -6,24 +6,33 @@ metadata:
|
||||
spec:
|
||||
templates:
|
||||
- name: scan-crossguard
|
||||
metadata:
|
||||
annotations:
|
||||
secrets.infisical.com/auto-reload: "true"
|
||||
initContainers:
|
||||
- name: wait-for-infisical
|
||||
image: alpine:3.20
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
args:
|
||||
- until [ -n "${DEFECTDOJO_API_KEY:-}" ]; do sleep 2; done
|
||||
container:
|
||||
image: alpine:3.20
|
||||
image: pulumi/pulumi:3.154.0
|
||||
env:
|
||||
- name: PULUMI_ACCESS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: PULUMI_ACCESS_TOKEN
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
args:
|
||||
- mkdir -p /workspace/reports && echo "stub: defectdojo" > /workspace/reports/crossguard.json
|
||||
- |
|
||||
set -eu
|
||||
mkdir -p /workspace/reports
|
||||
cd /workspace
|
||||
pulumi preview --policy-pack ./policy-pack > /workspace/reports/crossguard.json 2>&1 || true
|
||||
volumeMounts:
|
||||
- name: workspace
|
||||
mountPath: /workspace
|
||||
|
||||
Reference in New Issue
Block a user