Testing yml changes

sightmachine · Mar 26, 2024 · 6dd3786 · 6dd3786
1 parent d044356
commit 6dd3786
Showing 1 changed file with 36 additions and 16 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -197,30 +197,50 @@ jobs:
 
   ## ------------- Check python code and container image against known security issues -----------
   cve-image-scan:
-    machine:
-      image: default
+    # machine:
+    #   image: default
+    # steps:
+    #   - sm-build/configure_gcr_docker_access
+    #   - checkout
+    #   - sm-build/trivy_scan_filesystem:
+    #       report_json_name: fs_report.json
+    #       report_html_name: fs_report.html
+    #   - store_artifacts:
+    #       name: Save Filesystem Report
+    #       path: fs_report.html
+    #   - sm-build/trivy_scan_image:
+    #       report_json_name: image_report.json
+    #       report_html_name: image_report.html
+    #       container_repo: gcr.io/sightmachine-178216/ma # No SDK container image in gcr.io/gcr.io/sightmachine-178216
+    #       container_tag: master
+    #   - store_artifacts:
+    #       name: Save Image Report
+    #       path: image_report.html
+    #   # The following will mark the build as failed if there are issues in the report.
+    #   - sm-build/trivy_notify_on_issues:
+    #       slack_channel: monitoring-sdk
+    #       slack_branch_pattern: master
+    #       report_list: Repo|fs_report.json|fs_report.html,Image|image_report.json|image_report.html
+
+    docker:
+      # https://circleci.com/developer/images/image/cimg/python
+      - image: cimg/base:current
     steps:
-      - sm-build/configure_gcr_docker_access
+      # Checkout the code from the master branch
       - checkout
+      # Perform the security scan on the filesystem
       - sm-build/trivy_scan_filesystem:
-          report_json_name: fs_report.json
-          report_html_name: fs_report.html
-      - store_artifacts:
-          name: Save Filesystem Report
-          path: fs_report.html
-      # - sm-build/trivy_scan_image:
-      #     report_json_name: image_report.json
-      #     report_html_name: image_report.html
-      #     container_repo: gcr.io/sightmachine-178216/ma # No SDK container image in gcr.io/gcr.io/sightmachine-178216
-      #     container_tag: master
+          report_json_name: fs_report_master.json
+          report_html_name: fs_report_master.html
+      # Store the artifacts for the master branch scan
       - store_artifacts:
-          name: Save Image Report
-          path: image_report.html
+          name: Save Master Branch Filesystem Report
+          path: fs_report_master.html
       # The following will mark the build as failed if there are issues in the report.
       - sm-build/trivy_notify_on_issues:
           slack_channel: monitoring-sdk
           slack_branch_pattern: master
-          report_list: Repo|fs_report.json|fs_report.html,Image|image_report.json|image_report.html
+          report_list: Repo|fs_report_master.json|fs_report_master.html
 
   ## ------------------ Mypy for Static Type Checking python code ------------------
   mypy-type-checks: