changes to make docker push internal (#1636)

Rchanger · srokade-tenable · web-flow · commit 7efbb9d5121c · 2023-11-01T19:14:40.000+05:30
Co-authored-by: Suvarna Rokade &lt;srokade@tenable.com&gt;
diff --git a/.github/workflows/gobuild.yml b/.github/workflows/gobuild.yml
@@ -82,4 +82,4 @@ jobs:
       - name: Run scan
         run: |
           image_tag=$(<dockerhub-image-label.txt)
-          docker run -e JKN_USERNAME=${{ secrets.JKN_USERNAME }} -e JKN_PASSWORD=${{ secrets.JKN_PASSWORD }} -t docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest jobs execute-job  --credential-mode env -n teams-deleng-terraform -p deleng-terraform/dockerhub-publish -d "{\"APPID\":\"test\", \"IMAGE\":\"docker-terrascan-local.artifactory.eng.tenable.com/terrascan:${image_tag}\", \"TARGETS\": \"tenable/terrascan:${image_tag},"tenable/terrascan:latest\", \"MULTIARCH\":\"true\"}" --cloudflare-access-secret ${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}
+          docker run -e JKN_USERNAME=${{ secrets.JKN_USERNAME }} -e JKN_PASSWORD=${{ secrets.JKN_PASSWORD }} -t docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest jobs execute-job  --credential-mode env -n teams-deleng-terraform -p deleng-terraform/dockerhub-publish -d "{\"APPID\":\"test\", \"IMAGE\":\"docker-terrascan-local.artifactory.eng.tenable.com/terrascan:${image_tag}\", \"TARGETS\": \"tenable/terrascan:${image_tag},tenable/terrascan:latest\", \"MULTIARCH\":\"true\"}" --cloudflare-access-secret ${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -38,19 +38,26 @@ jobs:
 
       - uses: docker/setup-qemu-action@v2
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to Artifactory
+        run: docker login --username svc_terrascan --password ${{ secrets.ARTIFACTORY_API_TOKEN }}  https://docker-terrascan-local.artifactory.eng.tenable.com
 
-      - name: Build and Push Terrascan latest tag docker image
+      - name: Build Terrascan latest tag docker image
         run: make docker-build-push-latest-tag
         env:
           MULTIPLATFORM: true
 
+      - name: Pull latest Image
+        run:  docker pull docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest
+
+      - name: Run scan on terrascan image
+        run: |
+          image_tag=$(<dockerhub-image-label.txt)
+          docker run -e JKN_USERNAME=${{ secrets.JKN_USERNAME }} -e JKN_PASSWORD=${{ secrets.JKN_PASSWORD }} -t docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest jobs execute-job  --credential-mode env -n teams-deleng-terraform -p deleng-terraform/dockerhub-publish -d "{\"APPID\":\"test\", \"IMAGE\":\"docker-terrascan-local.artifactory.eng.tenable.com/terrascan:${image_tag}\", \"TARGETS\": \"tenable/terrascan:${image_tag},tenable/terrascan:latest\", \"MULTIARCH\":\"true\"}" --cloudflare-access-secret ${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}
+
       - name: Build terrascan_atlantis docker image
         run: make atlantis-docker-build
 
-      - name: Push terrascan_atlantis latest tag docker image
-        run: make atlantis-docker-push-latest-tag
+      - name: Run scan on terrascan_atlantis image 
+        run: |
+          image_tag=$(<dockerhub-image-label.txt)
+          docker run -e JKN_USERNAME=${{ secrets.JKN_USERNAME }} -e JKN_PASSWORD=${{ secrets.JKN_PASSWORD }} -t docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest jobs execute-job  --credential-mode env -n teams-deleng-terraform -p deleng-terraform/dockerhub-publish -d "{\"APPID\":\"test\", \"IMAGE\":\"docker-terrascan-local.artifactory.eng.tenable.com/terrascan_atlantis:${image_tag}\", \"TARGETS\": \"tenable/terrascan_atlantis:${image_tag}\", \"MULTIARCH\":\"true\"}" --cloudflare-access-secret ${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}
diff --git a/scripts/atlantis/docker-build.sh b/scripts/atlantis/docker-build.sh
@@ -5,7 +5,7 @@ set -o nounset
 set -o pipefail
 
 GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
-DOCKER_REPO="tenable/terrascan_atlantis"
+DOCKER_REPO="docker-terrascan-local.artifactory.eng.tenable.com/terrascan_atlantis"
 DIR="./integrations/atlantis"
 
 docker build -t ${DOCKER_REPO}:${GIT_COMMIT} ${DIR}
diff --git a/scripts/atlantis/docker-push-latest-tag.sh b/scripts/atlantis/docker-push-latest-tag.sh
@@ -5,7 +5,7 @@ set -o nounset
 set -o pipefail
 
 GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
-DOCKER_REPO="tenable/terrascan_atlantis"
+DOCKER_REPO="docker-terrascan-local.artifactory.eng.tenable.com/terrascan_atlantis"
 LATEST_TAG=$(git describe --abbrev=0 --tags)
 LATEST_TAG_SHORT=$(echo "${LATEST_TAG//v}")
 
diff --git a/scripts/atlantis/docker-push-latest.sh b/scripts/atlantis/docker-push-latest.sh
@@ -5,7 +5,7 @@ set -o nounset
 set -o pipefail
 
 GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
-DOCKER_REPO="tenable/terrascan_atlantis"
+DOCKER_REPO="docker-terrascan-local.artifactory.eng.tenable.com/terrascan_atlantis"
 LATEST_TAG="latest"
 
 # PS: It is a prerequisite to execute 'docker login' before running this script
