jmhbnz/talks
1
0
Fork 0
Code Releases Activity

Switch to ubi8 so cves are fixable.

Browse Source
This commit is contained in:
James Blair
2024-08-28 10:30:25 +12:00
parent 6e5343f03a
commit 14761a63ca
3 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/manual-rhacs-pipeline.yaml vendored
View File

@ -55,4 +55,4 @@ jobs:
- name: Scan image with roxctl - name: Scan image with roxctl
shell: bash shell: bash
run: | run: |
roxctl image scan --output=table --image="quay.io/rh_ee_jablair/ubi9:v0.0.1" roxctl image scan --output=table --image="quay.io/rh_ee_jablair/ubi9:v0.0.1" --insecure-skip-tls-verify

2
2024-08-28-rhacs-actions-pipeline/Containerfile
View File

@ -1,2 +1,2 @@
#FROM registry.access.redhat.com/ubi9/openjdk-21-runtime@sha256:4536f1460fd9c75c300b7d0785a282c282d595d1d35f68ba10508b929dd74261 #FROM registry.access.redhat.com/ubi9/openjdk-21-runtime@sha256:4536f1460fd9c75c300b7d0785a282c282d595d1d35f68ba10508b929dd74261
FROM registry.access.redhat.com/ubi9/openjdk-21-runtime@sha256:c76659bd657b2d4119733d7f62276417d3375c067ab162202112c2127d9b29e1 FROM registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:03d27b5a2df56ceb1f040085de696d594ade2ffa48b6c9bc51ac24b7c5b37b0f

25
2024-08-28-rhacs-actions-pipeline/README.org
View File

@ -5,17 +5,22 @@
Red Hat Advanced Cluster Security can be easily integrated into an existing GitHub actions pipeline through the existing Stackrox suite of [[https://github.com/marketplace?query=stackrox][open source actions]]. Red Hat Advanced Cluster Security can be easily integrated into an existing GitHub actions pipeline through the existing Stackrox suite of [[https://github.com/marketplace?query=stackrox][open source actions]].
* Configure rhacs github oidc auth
Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides the ability to configure short-lived access to the user interface and API calls.
You can configure this by exchanging OpenID Connect (OIDC) identity tokens for a RHACS-issued token.
We recommend this especially for Continuous Integration (CI) usage, where short-lived access is preferable over long-lived API tokens.
Refer: https://docs.openshift.com/acs/4.5/operating/manage-user-access/configure-short-lived-access.html
* Create github actions pipeline
An example pipeline would look like: An example pipeline would look like:
#+begin_src yaml #+begin_src yaml
steps:
- name: Central login
uses: stackrox/central-login@v1
with:
endpoint: ${{ env.CENTRAL_ENDPOINT }}
- name: Install roxctl
uses: stackrox/roxctl-installer-action@v1
with:
central-endpoint: ${{ env.CENTRAL_ENDPOINT }}
central-token: ${{ env.ROX_API_TOKEN }}
#+end_src #+end_src