@@ -203,108 +203,105 @@ jobs:
203203 - name : Trivy Image Scan
204204 continue-on-error : true
205205 run : |
206- pwd
207- CWD=$(pwd)
208-
209- if [[ "${{ inputs.application }}" == "time-series" || "${{ inputs.application }}" == "both" ]]; then
210- echo "Building Time Series Sample app and scanning docker images"
211- cd $CWD/manufacturing-ai-suite/industrial-edge-insights-time-series/
212- make down
213-
214- INFLUXDB_USERNAME=$(tr -dc 'a-zA-Z' < /dev/urandom | head -c 8)
215- INFLUXDB_PASSWORD=$(openssl rand -hex 10)
216- VISUALIZER_GRAFANA_USER=$(tr -dc 'a-zA-Z' < /dev/urandom | head -c 8)
217- VISUALIZER_GRAFANA_PASSWORD=$(openssl rand -hex 10)
218-
219- sed -i "s/INFLUXDB_USERNAME:.*/INFLUXDB_USERNAME: ${INFLUXDB_USERNAME}/g" .env
220- sed -i "s/INFLUXDB_PASSWORD:.*/INFLUXDB_PASSWORD: ${INFLUXDB_PASSWORD}/g" .env
221- sed -i "s/VISUALIZER_GRAFANA_USER:.*/VISUALIZER_GRAFANA_USER: ${VISUALIZER_GRAFANA_USER}/g" .env
222- sed -i "s/VISUALIZER_GRAFANA_PASSWORD:.*/VISUALIZER_GRAFANA_PASSWORD: ${VISUALIZER_GRAFANA_PASSWORD}/g" .env
223-
224- make build
225- make up_mqtt_ingestion
226- make down
227-
228- declare -A IMAGE_MAP_TS
229- images=$(docker compose config | grep 'image:' | awk '{print $2}')
230- for image in $images; do
231- image_prefix=$(echo "$image" | sed 's|/|-|g')
232- image_prefix=$(echo "$image_prefix" | cut -d':' -f1)
233- IMAGE_MAP_TS["$image"]="$image_prefix"
234- done
235-
236- # Loop through images and perform Trivy scans
237- for IMAGE in "${!IMAGE_MAP_TS[@]}"; do
238- PREFIX="${IMAGE_MAP_TS[$IMAGE]}"
239-
240- echo "Scanning image: $IMAGE"
241-
242- # All scan types
243- trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/trivy-html.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.html"
244- trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/csv.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.csv"
245- trivy image --quiet --format spdx-json --output "trivy-image-scan-${PREFIX}.spdx.json" "$IMAGE"
246- trivy image --list-all-pkgs --format template --template "@$CWD/csv.tpl" --output "trivy-image-scan-${PREFIX}-list-all-pkgs.csv" "$IMAGE"
247- trivy image --ignore-unfixed "$IMAGE" | tee "trivy-image-scan-${PREFIX}-ignore-unfixed.txt"
248-
249- echo "Completed scanning $IMAGE"
250- done
251-
252- echo "completed Time Series Sample App Image scanning"
253- fi
254-
255- if [[ "${{ inputs.application }}" == "multimodal" || "${{ inputs.application }}" == "both" ]]; then
256- echo "Building Multimodal Weld Defect Detection Sample app and scanning docker images"
257- cd $CWD/manufacturing-ai-suite/industrial-edge-insights-multimodal/
258- make down
259- # Generate random values for sensitive environment variables
260- INFLUXDB_USERNAME=$(cat /dev/urandom | tr -dc 'a-zA-Z' | head -c 8)
261- echo "INFLUXDB_USERNAME: $INFLUXDB_USERNAME"
262- INFLUXDB_PASSWORD=$(openssl rand -hex 10)
263- VISUALIZER_GRAFANA_USER=$(cat /dev/urandom | tr -dc 'a-zA-Z' | head -c 8)
264- VISUALIZER_GRAFANA_PASSWORD=$(openssl rand -hex 10)
265- MTX_WEBRTCICESERVERS2_0_USERNAME=$(cat /dev/urandom | tr -dc 'a-zA-Z' | head -c 8)
266- MTX_WEBRTCICESERVERS2_0_PASSWORD=$(openssl rand -hex 10)
267- HOST_IP=$(hostname -I | awk '{print $1}')
268-
269- sed -i "s/INFLUXDB_USERNAME=.*/INFLUXDB_USERNAME=${INFLUXDB_USERNAME}/g" .env
270- sed -i "s/INFLUXDB_PASSWORD=.*/INFLUXDB_PASSWORD=${INFLUXDB_PASSWORD}/g" .env
271- sed -i "s/VISUALIZER_GRAFANA_USER=.*/VISUALIZER_GRAFANA_USER=${VISUALIZER_GRAFANA_USER}/g" .env
272- sed -i "s/VISUALIZER_GRAFANA_PASSWORD=.*/VISUALIZER_GRAFANA_PASSWORD=${VISUALIZER_GRAFANA_PASSWORD}/g" .env
273- sed -i "s/MTX_WEBRTCICESERVERS2_0_USERNAME=.*/MTX_WEBRTCICESERVERS2_0_USERNAME=${MTX_WEBRTCICESERVERS2_0_USERNAME}/g" .env
274- sed -i "s/MTX_WEBRTCICESERVERS2_0_PASSWORD=.*/MTX_WEBRTCICESERVERS2_0_PASSWORD=${MTX_WEBRTCICESERVERS2_0_PASSWORD}/g" .env
275- sed -i "s/HOST_IP=.*/HOST_IP=${HOST_IP}/g" .env
276- make build
277- make up
278- make down
279-
280- declare -A IMAGE_MAP_MM
281-
282- images=$(docker compose config | grep 'image:' | awk '{print $2}')
283- for image in $images; do
284- image_prefix=$(echo "$image" | sed 's|/|-|g')
285- image_prefix=$(echo "$image_prefix" | cut -d':' -f1)
286- IMAGE_MAP_MM["$image"]="$image_prefix"
287- done
288-
289-
290- # Loop through images and perform Trivy scans
291- for IMAGE in "${!IMAGE_MAP_MM[@]}"; do
292- PREFIX="${IMAGE_MAP_MM[$IMAGE]}"
293-
294- echo "Scanning image: $IMAGE"
295-
296- # All scan types
297- trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/trivy-html.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.html"
298- trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/csv.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.csv"
299- trivy image --quiet --format spdx-json --output "trivy-image-scan-${PREFIX}.spdx.json" "$IMAGE"
300- trivy image --list-all-pkgs --format template --template "@$CWD/csv.tpl" --output "trivy-image-scan-${PREFIX}-list-all-pkgs.csv" "$IMAGE"
301- trivy image --ignore-unfixed "$IMAGE" | tee "trivy-image-scan-${PREFIX}-ignore-unfixed.txt"
302-
303- echo "Completed scanning $IMAGE"
304- done
305-
306- echo "completed Multimodal Weld Defect Detection Sample App Image scanning"
307- fi
206+ pwd
207+ CWD=$(pwd)
208+ INFLUXDB_USERNAME=$(tr -dc 'a-zA-Z' < /dev/urandom | head -c 8)
209+ INFLUXDB_PASSWORD=$(openssl rand -hex 10)
210+ VISUALIZER_GRAFANA_USER=$(tr -dc 'a-zA-Z' < /dev/urandom | head -c 8)
211+ VISUALIZER_GRAFANA_PASSWORD=$(openssl rand -hex 10)
212+ MTX_WEBRTCICESERVERS2_0_USERNAME=$(tr -dc 'a-zA-Z' < /dev/urandom | head -c 8)
213+ MTX_WEBRTCICESERVERS2_0_PASSWORD=$(openssl rand -hex 10)
214+ HOST_IP=$(hostname -I | awk '{print $1}')
215+
216+ echo "INFLUXDB_USERNAME: $INFLUXDB_USERNAME"
217+ echo "VISUALIZER_GRAFANA_USER: $VISUALIZER_GRAFANA_USER"
218+ echo "MTX_WEBRTCICESERVERS2_0_USERNAME: $MTX_WEBRTCICESERVERS2_0_USERNAME"
219+
220+ if [[ "${{ inputs.application }}" == "time-series" || "${{ inputs.application }}" == "both" ]]; then
221+ echo "Building Time Series Sample app and scanning docker images"
222+ cd $CWD/manufacturing-ai-suite/industrial-edge-insights-time-series/
223+ make down
224+
225+ sed -i "s/INFLUXDB_USERNAME:.*/INFLUXDB_USERNAME: ${INFLUXDB_USERNAME}/g" .env
226+ sed -i "s/INFLUXDB_PASSWORD:.*/INFLUXDB_PASSWORD: ${INFLUXDB_PASSWORD}/g" .env
227+ sed -i "s/VISUALIZER_GRAFANA_USER:.*/VISUALIZER_GRAFANA_USER: ${VISUALIZER_GRAFANA_USER}/g" .env
228+ sed -i "s/VISUALIZER_GRAFANA_PASSWORD:.*/VISUALIZER_GRAFANA_PASSWORD: ${VISUALIZER_GRAFANA_PASSWORD}/g" .env
229+
230+ make build
231+ make up_mqtt_ingestion
232+ make down
233+
234+ declare -A IMAGE_MAP_TS
235+ images=$(docker compose config | grep 'image:' | awk '{print $2}')
236+ for image in $images; do
237+ image_prefix=$(echo "$image" | sed 's|/|-|g')
238+ image_prefix=$(echo "$image_prefix" | cut -d':' -f1)
239+ IMAGE_MAP_TS["$image"]="$image_prefix"
240+ done
241+
242+ # Loop through images and perform Trivy scans
243+ for IMAGE in "${!IMAGE_MAP_TS[@]}"; do
244+ PREFIX="${IMAGE_MAP_TS[$IMAGE]}"
245+
246+ echo "Scanning image: $IMAGE"
247+
248+ # All scan types
249+ trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/trivy-html.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.html"
250+ trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/csv.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.csv"
251+ trivy image --quiet --format spdx-json --output "trivy-image-scan-${PREFIX}.spdx.json" "$IMAGE"
252+ trivy image --list-all-pkgs --format template --template "@$CWD/csv.tpl" --output "trivy-image-scan-${PREFIX}-list-all-pkgs.csv" "$IMAGE"
253+ trivy image --ignore-unfixed "$IMAGE" | tee "trivy-image-scan-${PREFIX}-ignore-unfixed.txt"
254+
255+ echo "Completed scanning $IMAGE"
256+ done
257+
258+ echo "completed Time Series Sample App Image scanning"
259+ fi
260+
261+ if [[ "${{ inputs.application }}" == "multimodal" || "${{ inputs.application }}" == "both" ]]; then
262+ echo "Building Multimodal Weld Defect Detection Sample app and scanning docker images"
263+ cd $CWD/manufacturing-ai-suite/industrial-edge-insights-multimodal/
264+ make down
265+
266+ sed -i "s/INFLUXDB_USERNAME=.*/INFLUXDB_USERNAME=${INFLUXDB_USERNAME}/g" .env
267+ sed -i "s/INFLUXDB_PASSWORD=.*/INFLUXDB_PASSWORD=${INFLUXDB_PASSWORD}/g" .env
268+ sed -i "s/VISUALIZER_GRAFANA_USER=.*/VISUALIZER_GRAFANA_USER=${VISUALIZER_GRAFANA_USER}/g" .env
269+ sed -i "s/VISUALIZER_GRAFANA_PASSWORD=.*/VISUALIZER_GRAFANA_PASSWORD=${VISUALIZER_GRAFANA_PASSWORD}/g" .env
270+ sed -i "s/MTX_WEBRTCICESERVERS2_0_USERNAME=.*/MTX_WEBRTCICESERVERS2_0_USERNAME=${MTX_WEBRTCICESERVERS2_0_USERNAME}/g" .env
271+ sed -i "s/MTX_WEBRTCICESERVERS2_0_PASSWORD=.*/MTX_WEBRTCICESERVERS2_0_PASSWORD=${MTX_WEBRTCICESERVERS2_0_PASSWORD}/g" .env
272+ sed -i "s/HOST_IP=.*/HOST_IP=${HOST_IP}/g" .env
273+ make build
274+ make up
275+ make down
276+
277+ declare -A IMAGE_MAP_MM
278+
279+ images=$(docker compose config | grep 'image:' | awk '{print $2}')
280+ for image in $images; do
281+ image_prefix=$(echo "$image" | sed 's|/|-|g')
282+ image_prefix=$(echo "$image_prefix" | cut -d':' -f1)
283+ IMAGE_MAP_MM["$image"]="$image_prefix"
284+ done
285+
286+
287+ # Loop through images and perform Trivy scans
288+ for IMAGE in "${!IMAGE_MAP_MM[@]}"; do
289+ PREFIX="${IMAGE_MAP_MM[$IMAGE]}"
290+
291+ echo "Scanning image: $IMAGE"
292+
293+ # All scan types
294+ trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/trivy-html.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.html"
295+ trivy image "$IMAGE" --ignore-unfixed --format template --template "@$CWD/csv.tpl" -o "trivy-image-scan-${PREFIX}-ignore-unfixed.csv"
296+ trivy image --quiet --format spdx-json --output "trivy-image-scan-${PREFIX}.spdx.json" "$IMAGE"
297+ trivy image --list-all-pkgs --format template --template "@$CWD/csv.tpl" --output "trivy-image-scan-${PREFIX}-list-all-pkgs.csv" "$IMAGE"
298+ trivy image --ignore-unfixed "$IMAGE" | tee "trivy-image-scan-${PREFIX}-ignore-unfixed.txt"
299+
300+ echo "Completed scanning $IMAGE"
301+ done
302+
303+ echo "completed Multimodal Weld Defect Detection Sample App Image scanning"
304+ fi
308305
309306 - name : Upload Trivy Image Scan Report
310307 continue-on-error : true
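Review bot: The two `if [[ "${{ inputs.application }}" == ... ]]` tests on the new side (new lines 220 and 261) still expand the workflow input into the script text before bash parses it, so a value containing shell metacharacters would be executed on the runner instead of compared as a string. Bind the input once at step level with `env:` and `APPLICATION: ${{ inputs.application }}`, then test `"$APPLICATION"` in both conditions. How `application` is declared (free string or fixed choice) is outside this hunk, so the actual exposure depends on who can trigger the workflow and with which values. Separately, the hoisted block now prints all three generated usernames to the job log (new lines 216-218) and, for `both`, writes the same generated credentials into both apps' `.env`; dropping the three `echo` lines keeps them out of the log.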