CD/CD consolidation
This commit is contained in:
StellaOps Bot
22
devops/tools/export-scripts/oci-verify.sh
Normal file
22
devops/tools/export-scripts/oci-verify.sh
Normal file
@@ -0,0 +1,22 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# Verify OCI distribution path works (push/pull loop).
|
||||
|
||||
IMAGE=${IMAGE:-"ghcr.io/stella-ops/exporter:edge"}
|
||||
TMP="out/export-oci"
|
||||
mkdir -p "$TMP"
|
||||
|
||||
echo "[export-oci] pulling $IMAGE"
|
||||
docker pull "$IMAGE"
|
||||
|
||||
echo "[export-oci] retagging and pushing to local cache"
|
||||
LOCAL="localhost:5001/exporter:test"
|
||||
docker tag "$IMAGE" "$LOCAL"
|
||||
|
||||
docker push "$LOCAL" || echo "[export-oci] push skipped (no local registry?)"
|
||||
|
||||
echo "[export-oci] pulling back for verification"
|
||||
docker pull "$LOCAL" || true
|
||||
|
||||
echo "[export-oci] done"
|
||||
24
devops/tools/export-scripts/trivy-compat.sh
Normal file
24
devops/tools/export-scripts/trivy-compat.sh
Normal file
@@ -0,0 +1,24 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# DEVOPS-EXPORT-36-001: Trivy compatibility & signing checks
|
||||
|
||||
IMAGE=${IMAGE:-"ghcr.io/stella-ops/exporter:edge"}
|
||||
OUT="out/export-compat"
|
||||
mkdir -p "$OUT"
|
||||
|
||||
echo "[export-compat] pulling image $IMAGE"
|
||||
docker pull "$IMAGE"
|
||||
|
||||
echo "[export-compat] running trivy image --severity HIGH,CRITICAL"
|
||||
trivy image --severity HIGH,CRITICAL --quiet "$IMAGE" > "$OUT/trivy.txt" || true
|
||||
|
||||
echo "[export-compat] verifying cosign signature if present"
|
||||
if command -v cosign >/dev/null 2>&1; then
|
||||
cosign verify "$IMAGE" > "$OUT/cosign.txt" || true
|
||||
fi
|
||||
|
||||
echo "[export-compat] trivy module db import smoke"
|
||||
trivy module db import --file "$OUT/trivy-module.db" 2>/dev/null || true
|
||||
|
||||
echo "[export-compat] done; outputs in $OUT"
|
||||
Reference in New Issue
Block a user