From 4bc709dbc0d9c6e4ea29257e7e7d6c2b221d9f6c Mon Sep 17 00:00:00 2001
From: Philip Laine
Date: Thu, 8 Aug 2024 18:23:55 +0200
Subject: [PATCH] fix: install grype during release

Signed-off-by: Philip Laine
---
 .github/workflows/release.yml | 6 ++++++
 .grype.yaml | 4 ++++
 2 files changed, 10 insertions(+)
 create mode 100644 .grype.yaml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 88e9a3e650..52b3d38b31 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,6 +26,12 @@ jobs:
 - name: Install tools
 uses: ./.github/actions/install-tools
 
+ - name: install grype
+ env:
+ VERSION: v0.74.6
+ run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
+ shell: bash
+
 - name: Build CLI
 run: |
 make build-cli-linux-amd
diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 0000000000..e5c8be63c8
--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,4 @@
+ignore:
+ # From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
+ # https://helm.sh/blog/response-cve-2019-25210/
+ - vulnerability: GHSA-jw44-4f3j-q396
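Review bot: The `run:` line of the new `install grype` step pipes `install.sh` from the mutable `main` branch of anchore/grype straight into `sh`, so `VERSION` pins the downloaded binary but not the script that executes on the release runner. An upstream change to that script would run inside the release job with whatever credentials the job holds (not visible in this hunk). Fetch the script from an immutable ref instead, e.g. `run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/<commit-sha>/install.sh | sh -s -- -b /usr/local/bin $VERSION"`, or move the install into `./.github/actions/install-tools` so the pin lives in one place. The steps list continues outside the hunk.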
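Review bot: The `ignore` entry suppresses `GHSA-jw44-4f3j-q396` for every package in every scanned artifact, because the rule carries no `package` constraint. If the accepted risk is only the helm behaviour described in the comment, scope the rule by adding `package:` with `name: <helm module name as reported by grype>` under the `- vulnerability:` item. The comment would also be easier to audit if it named the CVE the linked post covers (the URL suggests CVE-2019-25210) and recorded who accepted the risk, so the suppression can be revisited if helm changes the behaviour.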