Switch to ubi8 so cves are fixable.

2024-08-28 10:30:25 +12:00
parent 6e5343f03a
commit 14761a63ca
3 changed files with 17 additions and 12 deletions
--- a/.github/workflows/manual-rhacs-pipeline.yaml
+++ b/.github/workflows/manual-rhacs-pipeline.yaml
@ -55,4 +55,4 @@ jobs:
      - name: Scan image with roxctl
        shell: bash
        run: |
-          roxctl image scan --output=table --image="quay.io/rh_ee_jablair/ubi9:v0.0.1"
+          roxctl image scan --output=table --image="quay.io/rh_ee_jablair/ubi9:v0.0.1" --insecure-skip-tls-verify
--- a/2024-08-28-rhacs-actions-pipeline/Containerfile
+++ b/2024-08-28-rhacs-actions-pipeline/Containerfile
@ -1,2 +1,2 @@
 #FROM registry.access.redhat.com/ubi9/openjdk-21-runtime@sha256:4536f1460fd9c75c300b7d0785a282c282d595d1d35f68ba10508b929dd74261
-FROM registry.access.redhat.com/ubi9/openjdk-21-runtime@sha256:c76659bd657b2d4119733d7f62276417d3375c067ab162202112c2127d9b29e1
+FROM registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:03d27b5a2df56ceb1f040085de696d594ade2ffa48b6c9bc51ac24b7c5b37b0f
--- a/2024-08-28-rhacs-actions-pipeline/README.org
+++ b/2024-08-28-rhacs-actions-pipeline/README.org
@ -5,17 +5,22 @@

 Red Hat Advanced Cluster Security can be easily integrated into an existing GitHub actions pipeline through the existing Stackrox suite of [[https://github.com/marketplace?query=stackrox][open source actions]].

+* Configure rhacs github oidc auth
+
+Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides the ability to configure short-lived access to the user interface and API calls.
+
+You can configure this by exchanging OpenID Connect (OIDC) identity tokens for a RHACS-issued token.
+
+We recommend this especially for Continuous Integration (CI) usage, where short-lived access is preferable over long-lived API tokens.
+
+Refer: https://docs.openshift.com/acs/4.5/operating/manage-user-access/configure-short-lived-access.html
+
+
+* Create github actions pipeline
+
+
 An example pipeline would look like:

 #+begin_src yaml
-steps:
-  - name: Central login
-    uses: stackrox/central-login@v1
-    with:
-      endpoint: ${{ env.CENTRAL_ENDPOINT }}
-  - name: Install roxctl
-    uses: stackrox/roxctl-installer-action@v1
-    with:
-      central-endpoint: ${{ env.CENTRAL_ENDPOINT }}
-      central-token: ${{ env.ROX_API_TOKEN }}
+
 #+end_src