
Commit 3e35294

fix ver
1 parent 6cea804 commit 3e35294


1 file changed

+18
-36
lines changed

1 file changed

+18
-36
lines changed

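--- a/.github/workflows/dev-build.yaml
+++ b/.github/workflows/dev-build.yaml
@@ -92,41 +92,23 @@ jobs:
 echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
 shell: bash
 
-
-cve_matrix:
-strategy:
-matrix:
-cve: ${{ fromJSON(format('[{0}]', steps.cve-list.outputs.CVE_EXCEPTIONS)) }}
-steps:
-- name: Add VEX attestations
-uses: docker/scout-cli-action@v1
-with:
-command: attestation-add
-only-severity: critical,high
-tags: ${{ steps.meta.outputs.tags }}
-file: ./docker/vex/${{ matrix.cve }}.vex.json
-predicate-type: https://openvex.dev/ns/v0.2.0
-
 # About VEX attestations https://docs.docker.com/scout/explore/exceptions/
 # Justifications https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#status-justifications
-# - name: Add VEX attestations
-# uses: docker/scout-cli-action@v1
-# with:
-# command: attestation-add
-# only-severity: critical,high
-# tags: ${{ steps.meta.outputs.tags }}
-# file: ./docker/vex/${{ matrix.cve }}.vex.json
-# predicate-type: https://openvex.dev/ns/v0.2.0 strategy:
-
-# run: |
-# echo $CVE_EXCEPTIONS
-# curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
-# for cve in $CVE_EXCEPTIONS; do
-# for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
-# echo "Attaching VEX exception $cve to $tag"
-# docker scout attestation add \
-# --file "./docker/vex/$cve.vex.json" \
-# --predicate-type https://openvex.dev/ns/v0.2.0 \
-# $tag
-# done
-# done
+# Fixed to use v1.15.1 of scout-cli as v1.16.0 install script is broken
+# https://github.com/docker/scout-cli
+- name: Add VEX attestations
+env:
+CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
+run: |
+echo $CVE_EXCEPTIONS
+curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- v1.15.1
+for cve in $CVE_EXCEPTIONS; do
+for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
+echo "Attaching VEX exception $cve to $tag"
+docker scout attestation add \
+--file "./docker/vex/$cve.vex.json" \
+--predicate-type https://openvex.dev/ns/v0.2.0 \
+$tag
+done
+done
+shell: bash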
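Review bot: The `curl … | sh -s -- v1.15.1` line in the new step still fetches `install.sh` from the mutable `main` branch and executes it unverified, so the `v1.15.1` argument pins the scout-cli release but not the script that runs on the runner with whatever credentials the job holds. Download it from an immutable ref and check it before running, e.g. `curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/<COMMIT_SHA>/install.sh -o install.sh`, a `sha256sum -c` against a digest kept in the repository, then `sh install.sh v1.15.1`. Separately, the tag list in the inner `for` is still expanded with `${{ … }}` inside the script text while `CVE_EXCEPTIONS` now goes through `env:`. Passing it the same way (`TAGS: ${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}` under `env:` and `for tag in $TAGS; do`) keeps expression output out of the shell source and makes the loop run once per tag rather than once over the whole quoted string. The steps that produce `steps.meta` and `steps.cve-list` are outside the hunk, so how far those values are attacker-influenced cannot be judged from here.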
