ci: add trivy ci flag

NetApp · Oct 22, 2024 · 871725e · 871725e
1 parent 94eb6fc
commit 871725e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/.github/ISSUE_TEMPLATE/release-template.md b/.github/ISSUE_TEMPLATE/release-template.md
@@ -27,6 +27,7 @@ git push origin release/$RELEASE
 | DOCKER_PUBLISH              | false           |
 | RUN_TEST                    | true            |
 | OVERWRITE_DOCKER_LATEST_TAG | false           |
+| RUN_TRIVY_SCAN              | true            |
 
 - [ ] Create a release branch for the harvest-metrics repo like so:
 ```bash
@@ -76,6 +77,7 @@ bin/harvest generate metrics --poller POLLERNAME
 | DOCKER_PUBLISH              | true            |
 | RUN_TEST                    | true            |
 | OVERWRITE_DOCKER_LATEST_TAG | true            |
+| RUN_TRIVY_SCAN              | true            |
 
 - [ ] [Draft a new release](https://github.com/NetApp/harvest/releases). Use `v$RELEASE` for the tag and pick the release/$RELEASE branch.
 - [ ] Type `$RELEASE` in the `Release title` text input 

diff --git a/jenkins/artifacts/jenkinsfile b/jenkins/artifacts/jenkinsfile
@@ -9,6 +9,7 @@ pipeline {
 		string(name: 'DOCKER_PUBLISH', defaultValue: 'false', description: 'true to publish to dockerhub')
 		string(name: 'RUN_TEST', defaultValue: 'true', description: 'false to skip test')
 		string(name: 'OVERWRITE_DOCKER_LATEST_TAG', defaultValue: 'false', description: 'true to overwrite latest tag at dockerhub. Works only if DOCKER_PUBLISH is true')
+		string(name: 'RUN_TRIVY_SCAN', defaultValue: 'false', description: 'true to run Trivy image scan')
     }
 
     environment {
@@ -186,6 +187,11 @@ pipeline {
         }
 
         stage('Trivy Image Scan') {
+            when {
+                expression {
+                    return params.RUN_TRIVY_SCAN == 'true';
+                }
+            }
             steps {
                 script {
                     currentStage = 'Trivy Image Scan'