Add multi-arch image scans

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2024-11-24 13:05:17 +00:00 · 2022-02-18 14:50:40 +02:00 · 2022-02-18 14:50:40 +02:00 · 93ca91ac3f
commit 93ca91ac3f
parent cc593087d2
2 changed files with 54 additions and 5 deletions
--- a/.common-ci.yml
+++ b/.common-ci.yml
@ -97,6 +97,15 @@ stages:
  variables:
    ARCH: x86_64

+# Define the platform targets
+.platform-amd64:
+  variables:
+    PLATFORM: linux/amd64
+
+.platform-arm64:
+  variables:
+    PLATFORM: linux/arm64
+
 # Define test helpers
 .integration:
  stage: test
--- a/.nvidia-ci.yml
+++ b/.nvidia-ci.yml
@ -112,7 +112,7 @@ image-packaging:
  before_script:
    - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
    # TODO: We should specify the architecture here and scan all architectures
-    - docker pull "${IMAGE}"
+    - docker pull --platform="${PLATFORM}" "${IMAGE}"
    - docker save "${IMAGE}" -o "${IMAGE_ARCHIVE}"
    - AuthHeader=$(echo -n $SSA_CLIENT_ID:$SSA_CLIENT_SECRET | base64 -w0)
    - >
@ -131,34 +131,74 @@ image-packaging:
      - policy_evaluation.json

 # Define the scan targets
-scan-centos7:
+scan-centos7-amd64:
  extends:
    - .scan
    - .dist-centos7
+    - .platform-amd64
  needs:
    - image-centos7

-scan-centos8:
+scan-centos7-arm64:
+  extends:
+    - .scan
+    - .dist-centos7
+    - .platform-arm64
+  needs:
+    - image-centos7
+    - scan-centos7-amd64
+
+scan-centos8-amd64:
  extends:
    - .scan
    - .dist-centos8
+    - .platform-amd64
  needs:
    - image-centos8

-scan-ubuntu18.04:
+scan-centos8-arm64:
+  extends:
+    - .scan
+    - .dist-centos8
+    - .platform-arm64
+  needs:
+    - image-centos8
+    - scan-centos8-amd64
+
+scan-ubuntu18.04-amd64:
  extends:
    - .scan
    - .dist-ubuntu18.04
+    - .platform-amd64
  needs:
    - image-ubuntu18.04

-scan-ubi8:
+scan-ubuntu18.04-arm64:
+  extends:
+    - .scan
+    - .dist-ubuntu18.04
+    - .platform-arm64
+  needs:
+    - image-ubuntu18.04
+    - scan-ubuntu18.04-amd64
+
+scan-ubi8-amd64:
  extends:
    - .scan
    - .dist-ubi8
+    - .platform-amd64
  needs:
    - image-ubi8

+scan-ubi8-arm64:
+  extends:
+    - .scan
+    - .dist-ubi8
+    - .platform-arm64
+  needs:
+    - image-ubi8
+    - scan-ubi8-amd64
+
 # Define external release helpers
 .release:ngc:
  extends: