Use channel.yaml instead of curling for stable for kubectl install (#13531)

* Use channel.yaml instead of curling for stable for kubectl install * Stop vex report from leaking out of make local-image Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-03 20:39:49 -05:00 · 2026-02-03 17:18:16 -08:00 · 2026-02-03 17:18:16 -08:00 · daa11863d2
commit daa11863d2
parent ce17fce058
2 changed files with 4 additions and 2 deletions
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -104,7 +104,8 @@ jobs:
        uses: ./.github/actions/setup-go
      - name: Install Kubectl
        run: |
-           curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+           STABLE_VERSION=$(yq '.channels[] | select(.name == "stable") | .latest | sub("\+.*", "")' channel.yaml)
+           curl -LO "https://dl.k8s.io/release/${STABLE_VERSION}/bin/linux/amd64/kubectl"
           sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
      - name: "Download k3s binary"
        uses: actions/download-artifact@v7
--- a/scripts/image_scan.sh
+++ b/scripts/image_scan.sh
@ -30,11 +30,12 @@ TRIVY_TEMPLATE='{{- $critical := 0 }}{{- $high := 0 }}
    {{- end -}}
 {{ end }}
 Vulnerabilities - Critical: {{ $critical }}, High: {{ $high }}{{ println }}'
-VEX_REPORT="rancher.openvex.json"
+VEX_REPORT="/tmp/rancher.openvex.json"

 # Download Rancher's VEX Hub standalone report
 curl -fsS -o ${VEX_REPORT} https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json

 trivy --quiet image --severity ${SEVERITIES} --vex ${VEX_REPORT} --no-progress --ignore-unfixed --format template --template "${TRIVY_TEMPLATE}" ${IMAGE}

+rm ${VEX_REPORT}
 exit 0