From 8437b12d0614d309f45dd46a7839f9a7c76a4826 Mon Sep 17 00:00:00 2001
From: Giuseppe Iannelli
Date: Wed, 25 Sep 2024 09:43:38 +0200
Subject: [PATCH] fix(cve-scan-patching): add buildkit cache prune after each image patching
---
 CVEs/Makefile | 2 +-
 scripts/patch_images_with_copacetic.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CVEs/Makefile b/CVEs/Makefile
index 280a8f3..c11f016 100644
--- a/CVEs/Makefile
+++ b/CVEs/Makefile
@@ -2,7 +2,7 @@ KFD_VERSIONS := $(shell find . -type d -maxdepth 1 -mindepth 1 | cut -d/ -f2 | sort )
-all: scan patch
+all: scan-parallel patch
 scan:
 @for version in $(KFD_VERSIONS); do \
diff --git a/scripts/patch_images_with_copacetic.sh b/scripts/patch_images_with_copacetic.sh
index 4ba7241..8b4a3cb 100755
--- a/scripts/patch_images_with_copacetic.sh
+++ b/scripts/patch_images_with_copacetic.sh
@@ -100,6 +100,7 @@ function patch_image() {
 echo ">>>>>>>>>>>>>>>>>>> CLEANUP $image_to_patch <<<<<<<<<<<<<<<<<<<<<"
 docker rmi -f "$image_to_patch"
+ buildctl --addr tcp://127.0.0.1:8888 prune
 if [ "$secured_image" != "$image_to_patch" ]
 then
 echo ">>>>>>>>>>>>>>>>>>> CLEANUP $secured_image <<<<<<<<<<<<<<<<<<<<<"
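Review bot: The `all` rule now depends on `scan-parallel` instead of `scan`, but the commit subject only mentions the cache prune and the `scan-parallel` recipe is outside this hunk, so the change in scan behaviour is undocumented. Since `patch` presumably works from the scan reports, it is worth confirming that `scan-parallel` waits for every scan job and exits non-zero when one fails; otherwise images could be patched against incomplete results. A comment above the rule would record that dependency, e.g. `# patch consumes the reports written by scan-parallel; it must finish and fail loudly first`.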
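Review bot: The added `buildctl --addr tcp://127.0.0.1:8888 prune` has no failure handling and hard-codes the BuildKit endpoint. If buildkitd is unreachable, the prune either aborts the rest of the cleanup (if the script runs under `set -e`, which is not visible here) or fails silently while the cache keeps growing. I would make the outcome explicit and take the address from the environment variable buildctl already honours, e.g. `buildctl --addr "${BUILDKIT_HOST:-tcp://127.0.0.1:8888}" prune || echo "WARN: buildkit prune failed after $image_to_patch" >&2`. A plain TCP listener without TLS can be driven by any local process on the host, so a unix socket or mTLS would be the safer default if this tooling starts the daemon; the hunk does not show how it is started. `patch_image` begins and ends outside the hunk.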