ACR-CSSC/CSSC-AutoImagePatching.json at main · siby-george/ACR-CSSC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.23.1.45101",
      "templateHash": "1353067285486001033"
    }
  },
  "parameters": {
    "AcrName": {
      "type": "string"
    },
    "AcrLocation": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "variables": {
    "taskContextPath": "https://github.com/siby-george/ACR-CSSC.git#Cssc-workflow",
    "imagePatching": "CSSCPatchImage.yaml",
    "imageScanning": "CSSCScanImageAndScedulePatch.yaml",
    "repoPatching": "CSSCScanRepoAndScedulePatch.yaml",
    "registryPatching": "CSSCScanRegistryAndScedulePatch.yaml"
  },
  "resources": [
    {
      "type": "Microsoft.ContainerRegistry/registries/tasks",
      "apiVersion": "2019-06-01-preview",
      "name": "[format('{0}/{1}', parameters('AcrName'), 'CSSC-PatchImage')]",
      "location": "[parameters('AcrLocation')]",
      "properties": {
        "platform": {
          "os": "linux",
          "architecture": "amd64"
        },
        "agentConfiguration": {
          "cpu": 2
        },
        "timeout": 3600,
        "step": {
          "type": "FileTask",
          "contextPath": "[variables('taskContextPath')]",
          "taskFilePath": "[variables('imagePatching')]"
        },
        "isSystemTask": false
      }
    },
    {
      "type": "Microsoft.ContainerRegistry/registries/tasks",
      "apiVersion": "2019-06-01-preview",
      "name": "[format('{0}/{1}', parameters('AcrName'), 'CSSC-ScanImageAndSchedulePatch')]",
      "location": "[parameters('AcrLocation')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "platform": {
          "os": "linux",
          "architecture": "amd64"
        },
        "agentConfiguration": {
          "cpu": 2
        },
        "timeout": 3600,
        "step": {
          "type": "FileTask",
          "contextPath": "[variables('taskContextPath')]",
          "taskFilePath": "[variables('imageScanning')]"
        },
        "isSystemTask": false
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('AcrName'))]",
      "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanImageAndSchedulePatch'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c'))]",
      "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
        "principalId": "[reference(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanImageAndSchedulePatch'), '2019-06-01-preview', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
      },
      "dependsOn": [
        "[resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanImageAndSchedulePatch')]"
      ]
    },
    {
      "type": "Microsoft.ContainerRegistry/registries/tasks",
      "apiVersion": "2019-06-01-preview",
      "name": "[format('{0}/{1}', parameters('AcrName'), 'CSSC-ScanRepoAndSchedulePatch')]",
      "location": "[parameters('AcrLocation')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "platform": {
          "os": "linux",
          "architecture": "amd64"
        },
        "agentConfiguration": {
          "cpu": 2
        },
        "timeout": 3600,
        "step": {
          "type": "FileTask",
          "contextPath": "[variables('taskContextPath')]",
          "taskFilePath": "[variables('repoPatching')]"
        },
        "isSystemTask": false
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('AcrName'))]",
      "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRepoAndSchedulePatch'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c'))]",
      "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
        "principalId": "[reference(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRepoAndSchedulePatch'), '2019-06-01-preview', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
      },
      "dependsOn": [
        "[resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRepoAndSchedulePatch')]"
      ]
    },
    {
      "type": "Microsoft.ContainerRegistry/registries/tasks",
      "apiVersion": "2019-06-01-preview",
      "name": "[format('{0}/{1}', parameters('AcrName'), 'CSSC-ScanRegistryAndSchedulePatch')]",
      "location": "[parameters('AcrLocation')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "platform": {
          "os": "linux",
          "architecture": "amd64"
        },
        "agentConfiguration": {
          "cpu": 2
        },
        "timeout": 3600,
        "step": {
          "type": "FileTask",
          "contextPath": "[variables('taskContextPath')]",
          "taskFilePath": "[variables('registryPatching')]"
        },
        "isSystemTask": false,
        "trigger": {
          "timerTriggers": [
            {
              "name": "daily",
              "schedule": "0 0 * * *"
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('AcrName'))]",
      "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRegistryAndSchedulePatch'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c'))]",
      "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
        "principalId": "[reference(resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRegistryAndSchedulePatch'), '2019-06-01-preview', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
      },
      "dependsOn": [
        "[resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('AcrName'), 'CSSC-ScanRegistryAndSchedulePatch')]"
      ]
    }
  ]
}