upstream/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2026-02-03 20:39:49 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Use channel.yaml instead of curling for stable for kubectl install (#13531)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details

Browse source 
* Use channel.yaml instead of curling for stable for kubectl install
* Stop vex report from leaking out of make local-image

Signed-off-by: Derek Nola <derek.nola@suse.com>
This commit is contained in:
Derek Nola 2026-02-03 17:18:16 -08:00 committed by GitHub
parent ce17fce058
commit daa11863d2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/e2e.yaml vendored
View file

@ -104,7 +104,8 @@ jobs:
uses: ./.github/actions/setup-go uses: ./.github/actions/setup-go
- name: Install Kubectl - name: Install Kubectl
run: | run: |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" STABLE_VERSION=$(yq '.channels[] | select(.name == "stable") | .latest | sub("\+.*", "")' channel.yaml)
curl -LO "https://dl.k8s.io/release/${STABLE_VERSION}/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: "Download k3s binary" - name: "Download k3s binary"
uses: actions/download-artifact@v7 uses: actions/download-artifact@v7

3
scripts/image_scan.sh
View file

@ -30,11 +30,12 @@ TRIVY_TEMPLATE='{{- $critical := 0 }}{{- $high := 0 }}
{{- end -}} {{- end -}}
{{ end }} {{ end }}
Vulnerabilities - Critical: {{ $critical }}, High: {{ $high }}{{ println }}' Vulnerabilities - Critical: {{ $critical }}, High: {{ $high }}{{ println }}'
VEX_REPORT="rancher.openvex.json" VEX_REPORT="/tmp/rancher.openvex.json"
# Download Rancher's VEX Hub standalone report # Download Rancher's VEX Hub standalone report
curl -fsS -o ${VEX_REPORT} https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json curl -fsS -o ${VEX_REPORT} https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json
trivy --quiet image --severity ${SEVERITIES} --vex ${VEX_REPORT} --no-progress --ignore-unfixed --format template --template "${TRIVY_TEMPLATE}" ${IMAGE} trivy --quiet image --severity ${SEVERITIES} --vex ${VEX_REPORT} --no-progress --ignore-unfixed --format template --template "${TRIVY_TEMPLATE}" ${IMAGE}
rm ${VEX_REPORT}
exit 0 exit 0