diff --git a/.pipelines/azure-pipeline-build.yml b/.pipelines/azure-pipeline-build.yml index 63ed88836..430e27d86 100644 --- a/.pipelines/azure-pipeline-build.yml +++ b/.pipelines/azure-pipeline-build.yml @@ -313,6 +313,10 @@ jobs: # Load in amd64 image to run vulnerability scan docker buildx build . --file ./build/linux/Dockerfile -t $(LINUX_FULL_IMAGE_NAME) --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json fi + workingDirectory: $(Build.SourcesDirectory)/otelcollector/ + displayName: "Build: build and push image to dev ACR" + + - bash: | MEDIA_TYPE=$(docker manifest inspect -v $(LINUX_FULL_IMAGE_NAME) | jq '.Descriptor.mediaType') DIGEST=$(docker manifest inspect -v $(LINUX_FULL_IMAGE_NAME) | jq '.Descriptor.digest') SIZE=$(docker manifest inspect -v $(LINUX_FULL_IMAGE_NAME) | jq '.Descriptor.size') @@ -320,7 +324,8 @@ jobs: {"targetArtifact":{"mediaType":$MEDIA_TYPE,"digest":$DIGEST,"size":$SIZE}} EOF workingDirectory: $(Build.SourcesDirectory)/otelcollector/ - displayName: "Build: build and push image to dev ACR" + displayName: "Build: Set values in payload.json for signing" + condition: eq(variables.IS_MAIN_BRANCH, true) - task: EsrpCodeSigning@3 displayName: "ESRP CodeSigning for Prometheus" @@ -968,7 +973,9 @@ jobs: condition: and(eq(variables.IS_PR, false), eq(variables.IS_MAIN_BRANCH, true)) dependsOn: - Common - - Chart + - Linux + - WindowsMultiArch + - ARC_Chart variables: HELM_CHART_NAME: $[ dependencies.common.outputs['setup.HELM_CHART_NAME'] ] HELM_SEMVER: $[ dependencies.common.outputs['setup.SEMVER'] ] diff --git a/.trivyignore b/.trivyignore index 35989257c..455e620b4 100644 --- a/.trivyignore +++ b/.trivyignore @@ -5,7 +5,8 @@ # none # =========== HIGH ================ -# none +# HIGH - telegraf +GHSA-fr2g-9hjm-wr23 # =========== MEDIUM ================ # MEDIUM - otelcollector
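Review bot: The new `- bash: |` step in the first hunk fills MEDIA_TYPE, DIGEST and SIZE from three separate `docker manifest inspect -v $(LINUX_FULL_IMAGE_NAME)` pipelines with no error handling. If an inspect fails, `jq` still exits 0 on empty input, so the values that go into the signing payload can be empty while the step passes. The lookup is also by tag, so the three calls are not guaranteed to describe the same manifest if the tag moves between them. I would open the script with `set -euo pipefail`, run the inspect once into a variable, and feed that to the three `jq` filters. The script continues past the end of this hunk, so the heredoc that writes payload.json is only partly visible.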
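Review bot: The added `condition: eq(variables.IS_MAIN_BRANCH, true)` in the second hunk replaces the step's implicit `succeeded()` default, so on the main branch the payload step runs even when the preceding build-and-push step failed. I would write `condition: and(succeeded(), eq(variables.IS_MAIN_BRANCH, true))`. The same applies to the job in the third hunk, whose unchanged condition `and(eq(variables.IS_PR, false), eq(variables.IS_MAIN_BRANCH, true))` now sits in front of `Linux`, `WindowsMultiArch` and `ARC_Chart`. As written it would presumably still start after one of those jobs fails, so `succeeded()` belongs there too. Whether the following `EsrpCodeSigning@3` task carries a matching condition is not visible here and is worth checking, so that signing never runs against a missing or stale payload.json.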
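Review bot: The new HIGH suppression `GHSA-fr2g-9hjm-wr23` in `.trivyignore` carries only the component name, so a later reader cannot tell why the finding was accepted or when it should be revisited. I would extend the comment to something like `# HIGH - telegraf: <why not exploitable here / upstream fix pending>, tracked in <ISSUE-LINK>`. I would also give the entry an expiry, `GHSA-fr2g-9hjm-wr23 exp:<YYYY-MM-DD>`, so the scan starts failing again if the dependency has not been updated by then. The rest of the ignore file lies outside this hunk, so existing entries may follow a convention that this one should match.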