debug(cve-scan-patch): find the docker auth file

.github/workflows/cve-scan-and-patching.yml

@@ -26,43 +26,47 @@ jobs:
           registry: registry.sighup.io
           username: ${{ secrets.SIGHUP_REGISTRY_USERNAME }}
           password: ${{ secrets.SIGHUP_REGISTRY_PASSWORD }}
-      - name: Install furyctl, trivy and copa
-        run: |
-          sudo apt-get install wget apt-transport-https gnupg
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
-          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install trivy
-          trivy --version
-          
-          wget https://github.com/sighupio/furyctl/releases/download/v0.29.7/furyctl-linux-amd64.tar.gz
-          tar -xzvf furyctl-linux-amd64.tar.gz -C /usr/local/bin/
-          furyctl version
-
-          wget https://github.com/moby/buildkit/releases/download/v0.16.0/buildkit-v0.16.0.linux-amd64.tar.gz
-          tar -xzvf buildkit-v0.16.0.linux-amd64.tar.gz -C /usr/local/bin/  --strip-components=1
-          buildctl --version
-
-          wget https://github.com/project-copacetic/copacetic/releases/download/v0.8.0/copa_0.8.0_linux_amd64.tar.gz
-          tar -xzvf copa_0.8.0_linux_amd64.tar.gz
-          chmod +x copa
-          sudo mv copa /usr/local/bin/
-          copa --version
-
-      - name: Execute scan and patching
-        run: |
-          cd CVEs
-          make trivy-download-db
-          make all
-          echo "todayDate=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
-          echo "KFD_VERSIONS=$(find CVEs -name "v*" -maxdepth 1 | cut -d/ -f2 | sort)" >> $GITHUB_ENV
-
-      - name: publish patching report
-        uses: actions/upload-artifact@v4
-        with:
-          name: cve-reports-${{env.todayDate}}
-          path: |
-            CVEs/v*/images.txt
-            CVEs/v*/built.yaml
-            CVEs/v*/*.md
-            CVEs/v*/*.log
+      - name: find DOCKER_AUTH_CONFIG
+        run: | 
+          echo "$DOCKER_AUTH_CONFIG" > .docker/config.json
+          cat .docker/config.json
+#      - name: Install furyctl, trivy and copa
+#        run: |
+#          sudo apt-get install wget apt-transport-https gnupg
+#          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
+#          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
+#          sudo apt-get update
+#          sudo apt-get install trivy
+#          trivy --version
+#
+#          wget https://github.com/sighupio/furyctl/releases/download/v0.29.7/furyctl-linux-amd64.tar.gz
+#          tar -xzvf furyctl-linux-amd64.tar.gz -C /usr/local/bin/
+#          furyctl version
+#
+#          wget https://github.com/moby/buildkit/releases/download/v0.16.0/buildkit-v0.16.0.linux-amd64.tar.gz
+#          tar -xzvf buildkit-v0.16.0.linux-amd64.tar.gz -C /usr/local/bin/  --strip-components=1
+#          buildctl --version
+#
+#          wget https://github.com/project-copacetic/copacetic/releases/download/v0.8.0/copa_0.8.0_linux_amd64.tar.gz
+#          tar -xzvf copa_0.8.0_linux_amd64.tar.gz
+#          chmod +x copa
+#          sudo mv copa /usr/local/bin/
+#          copa --version
+#
+#      - name: Execute scan and patching
+#        run: |
+#          cd CVEs
+#          DOCKER_AUTH_CONFIG=
+#          make trivy-download-db
+#          make all
+#          echo "todayDate=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
+#
+#      - name: publish patching report
+#        uses: actions/upload-artifact@v4
+#        with:
+#          name: cve-reports-${{env.todayDate}}
+#          path: |
+#            CVEs/v*/images.txt
+#            CVEs/v*/built.yaml
+#            CVEs/v*/*.md
+#            CVEs/v*/*.log