From 20e4f7364928fad1e5ffcef7550c4a37f3290132 Mon Sep 17 00:00:00 2001
From: Claire Labry
Date: Fri, 4 Feb 2022 14:05:28 -0500
Subject: [PATCH 1/3] reverting changes for the container + binary blocks
---
 .github/workflows/build.yml | 3 ++-
 .release/ci.hcl | 6 +-----
 .release/security-scan.hcl | 10 ++--------
 3 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a6069e1058..9fab5e0045 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,7 +5,8 @@ on:
 # Sequence of patterns matched against refs/heads
 branches:
 # Push events on the main branch
- - main
+ # - main
+ - 'fix-security-scan'

 env:
 PKG_NAME: consul
diff --git a/.release/ci.hcl b/.release/ci.hcl
index bf4a2144f3..fbd912ba47 100644
--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -10,11 +10,7 @@ project "consul" {
 organization = "hashicorp"
 repository = "consul"
 release_branches = [
- "main",
- "release/1.8.x",
- "release/1.9.x",
- "release/1.10.x",
- "release/1.11.x"
+ "fix-security-scan"
 ]
 }
 }
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 6a2a57b8b8..a3d2c7cbc4 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -1,19 +1,13 @@
 container {
+ secrets = true
 dependencies = true
 alpine_secdb = true
-
- secrets {
- all = true
- }
 }

 binary {
+ secrets = true
 go_modules = true
 osv = true
 oss_index = true
 nvd = true
-
- secrets {
- all = true
- }
 }
From 092a27e84dabfe83e541e3251c2cdf4bf94c579f Mon Sep 17 00:00:00 2001
From: Claire Labry
Date: Fri, 4 Feb 2022 14:22:25 -0500
Subject: [PATCH 2/3] turning go modules to false due to jwt issue
---
 .release/security-scan.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index a3d2c7cbc4..33ee8cda72 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -6,7 +6,7 @@ container {

 binary {
 secrets = true
- go_modules = true
+ go_modules = false
 osv = true
 oss_index = true
 nvd = true
From 12fc63d11c1e6a42b33ee149de12cf734ef9b7eb Mon Sep 17 00:00:00 2001
From: Claire Labry
Date: Fri, 4 Feb 2022 14:59:30 -0500
Subject: [PATCH 3/3] clean up from testing
---
 .github/workflows/build.yml | 3 +--
 .release/ci.hcl | 6 +++++-
 .release/security-scan.hcl | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9fab5e0045..a6069e1058 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,8 +5,7 @@ on:
 # Sequence of patterns matched against refs/heads
 branches:
 # Push events on the main branch
- # - main
- - 'fix-security-scan'
+ - main

 env:
 PKG_NAME: consul
diff --git a/.release/ci.hcl b/.release/ci.hcl
index fbd912ba47..bf4a2144f3 100644
--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -10,7 +10,11 @@ project "consul" {
 organization = "hashicorp"
 repository = "consul"
 release_branches = [
- "fix-security-scan"
+ "main",
+ "release/1.8.x",
+ "release/1.9.x",
+ "release/1.10.x",
+ "release/1.11.x"
 ]
 }
 }
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 33ee8cda72..eeb188891c 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -1,11 +1,11 @@
 container {
- secrets = true
 dependencies = true
 alpine_secdb = true
+ secrets = true
 }

 binary {
- secrets = true
+ secrets = true
 go_modules = false
 osv = true
 oss_index = true
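Review bot: In PATCH 2/3, `go_modules = false` in the `binary` block switches off the whole Go-module check to get past one finding, and nothing in the file records why or when it should be turned back on; the cleanup in PATCH 3/3 leaves it disabled. The subject only says "jwt issue", so the cause is not visible here; if it is a single dependency finding, an exception scoped to that module (assuming the scanner offers one, which this diff does not show) would keep the rest of the module graph covered. `osv`, `oss_index` and `nvd` stay enabled, but the diff does not show whether they cover the same ground as `go_modules`. At minimum add a comment above the line, e.g. `# go_modules disabled because of the jwt finding; re-enable once resolved (tracking: <ISSUE-URL>)`. The `binary` block's closing brace lies outside this hunk.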