Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ecr scan step #2519

Merged
merged 2 commits into from
Oct 10, 2023
Merged

Add ecr scan step #2519

merged 2 commits into from
Oct 10, 2023

Conversation

danstn
Copy link
Contributor

@danstn danstn commented Oct 9, 2023
edited
Loading

This will introduce a soft-fail step that will add ECR scan results to build annotation.

@buildkite-docs-bot
Copy link
Contributor

Preview URL: https://2519--bk-docs-preview.netlify.app

@danstn danstn requested a review from dannymidnight October 9, 2023 07:49
@danstn danstn marked this pull request as ready for review October 9, 2023 07:49
@dannymidnight
Copy link
Contributor

Nice one. Thanks @danstn

yob
yob reviewed Oct 9, 2023
View reviewed changes
.buildkite/pipeline.deploy.yml
- name: ":ecr: ECR Vulnerabilities Scan"
command: "true"
soft_fail: true
plugins:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need a depends_on to ensure it runs after the image is pushed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Updated here 6ce1032.

yob
yob reviewed Oct 9, 2023
View reviewed changes
.buildkite/pipeline.deploy.yml
plugins:
- buildkite/ecr-scan-results#v1.2.0:
image-name: "${ECR_REPO}:${BUILDKITE_BUILD_NUMBER}"

# If the current user is part of the deploy team, then wait for everything to
# finish before deploying
- wait: ~
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this wait need to depend on the ECR scan? Maybe not now I guess, while the ECR scan is soft fail?

@danstn danstn merged commit f5c4129 into main Oct 10, 2023
1 check passed
@danstn danstn deleted the plt-1598-enable-ecr-scanning-docs branch October 10, 2023 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yob yob yob left review comments

@dannymidnight dannymidnight dannymidnight approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@danstn @buildkite-docs-bot @dannymidnight @yob