forked from fauria/docker-mailman
azure-pipelines.yml
# CI trigger: run the pipeline for pushes to master only.
trigger:
  # While a run is in progress, later pushes are batched into one follow-up run
  # instead of starting a run per push.
  batch: true
  branches:
    include:
      - master
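steps:
  # Image-scan gate: submits IMAGE to the Sysdig Secure scanning API, polls for
  # the policy evaluation and fails the job when the result contains "fail" or
  # when no result arrives within RETRIES polls.
  #
  # The API token is no longer stored in this file. Define a *secret* pipeline
  # variable (placeholder name used here: sysdigSecureToken) and rotate the
  # token that was previously committed: it remains readable in the repository
  # history and must be treated as compromised.
  - bash: |
      # Keep curl's exit status visible through pipes; without this, $? after
      # "curl | jq" only reflects jq.
      set -o pipefail

      TOKEN="${SYSDIG_TOKEN:-}"
      URL="https://secure.sysdig.com/api/scanning/v1/anchore"
      # NOTE(review): tag is spelled "mailmain"; confirm it matches the image
      # that is actually built and pushed. A mutable ":latest" tag also means
      # the scanned digest may differ from the one later deployed.
      IMAGE="docker-mailmain:latest"
      ###################
      # Internal Vars
      ##################
      DIGEST=""
      RETRIES=96

      # An undefined Azure variable is passed through as the literal "$(name)"
      # text, so reject that as well as an empty value.
      case "${TOKEN}" in
        ''|'$('*) echo "Sysdig API token is not configured!"; exit 1 ;;
      esac

      AUTH="Authorization: Bearer ${TOKEN}"
      # Build the JSON body with jq so the tag is always correctly quoted.
      REQUEST=$(jq -c -n --arg tag "${IMAGE}" '{tag: $tag}')

      # TLS verification stays enabled (no "curl -k"): the bearer token is sent
      # on every request. For an endpoint with a private CA, pass --cacert.
      RESPONSE=$(curl -s --request POST \
        --header "Accept: application/json" \
        --header "Content-Type: application/json" \
        -H "${AUTH}" --data "${REQUEST}" "${URL}/images/") \
        || { echo "Error adding image to scan queue!"; exit 1; }

      DIGEST=$(printf '%s' "${RESPONSE}" | jq -r ".[].imageDigest" 2>/dev/null) \
        || { echo "Error adding image to scan queue!"; exit 1; }
      # jq prints "null" for a missing field; an empty digest would turn the
      # later requests into calls against the collection URL.
      if [ -z "${DIGEST}" ] || [ "${DIGEST}" = "null" ]; then
        echo "Error adding image to scan queue!"
        exit 1
      fi

      STATUS=$(curl -s --header "Content-Type: application/json" -H "${AUTH}" \
        "${URL}/images/${DIGEST}" | jq -r ".[].analysis_status" 2>/dev/null) \
        || { echo "Error getting analysis status!"; exit 1; }

      FULLTAG=$(printf '%s' "${RESPONSE}" | jq -r ".[].image_detail[0].fulltag" 2>/dev/null) \
        || { echo "Error getting image full tag!"; exit 1; }

      echo "${STATUS}"

      # Poll every 5 seconds until the policy check returns a status.
      status=""
      for ((i=0; i<RETRIES; i++)); do
        status=$(curl -s --header "Content-Type: application/json" -H "${AUTH}" \
          "${URL}/images/${DIGEST}/check?tag=${FULLTAG}&detail=false" \
          | grep "status" | awk '{print $2}')
        if [ -n "$status" ]; then
          echo "Status is $status"
          break
        fi
        echo -n "." && sleep 5
      done

      # Fail closed: a scan that never produced a verdict must not pass the
      # gate (an empty status would otherwise slip through "grep -v fail").
      if [ -z "$status" ]; then
        echo "No scan result received after ${RETRIES} attempts!"
        exit 1
      fi

      echo "Scan Report - "
      curl -s --header "Content-Type: application/json" -H "${AUTH}" \
        "${URL}/images/${DIGEST}/check?tag=${FULLTAG}&detail=true"

      # Exit non-zero when the evaluation status contains "fail".
      echo "$status" | grep -v fail
      exit $?
    displayName: Sysdig Secure Scanning
    env:
      # Secret variables are not exported to scripts automatically; map the
      # secret explicitly. "sysdigSecureToken" is a placeholder name.
      SYSDIG_TOKEN: $(sysdigSecureToken)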