The run-image-scan Task uses the upstream rhacs-image-scan. This task requires a workspace rox-api-token-auth that contains the ROX_API_TOKEN.
This is achieved by creating a temporary secret as part of the authenticate-central Task. The secret is deleted as part of the delete-rox-api-token-secret Task.
On top of having to manage this temporary secret, this makes the process of running the pipeline a bit more complex, as you have to pass the name of the workspace/secret as a pipeline parameter.
To remove the need for this temporary secret, we should use the environment variable ROX_API_TOKEN, as we do in other places. We have identified the following options:
- Modify the upstream Task to accept the
ROX_API_TOKEN environment variable. We're waiting on inputs from the RHACS team on how to contribute.
- Create our own Task to run
roxctl image scan (example).
The
run-image-scanTask uses the upstreamrhacs-image-scan. This task requires a workspacerox-api-token-auththat contains theROX_API_TOKEN.This is achieved by creating a temporary secret as part of the
authenticate-centralTask. The secret is deleted as part of thedelete-rox-api-token-secretTask.On top of having to manage this temporary secret, this makes the process of running the pipeline a bit more complex, as you have to pass the name of the workspace/secret as a pipeline parameter.
To remove the need for this temporary secret, we should use the environment variable
ROX_API_TOKEN, as we do in other places. We have identified the following options:ROX_API_TOKENenvironment variable. We're waiting on inputs from the RHACS team on how to contribute.roxctl image scan(example).