reference in readme

Signed-off-by: Sertac Ozercan <[email protected]>
project-copacetic · Jan 16, 2024 · 13efe67 · 13efe67
1 parent 9c12050
commit 13efe67
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 64 deletions.
diff --git a/.github/workflows/test.yaml → .github/workflows/patch.yaml b/.github/workflows/test.yaml → .github/workflows/patch.yaml
diff --git a/README.md b/README.md
@@ -24,67 +24,4 @@ Copacetic Action is supported with Copa version 0.3.0 and later.
 
 ## Example usage
 
-```yaml
-name: Patch images
-on: [push]
-jobs:
-    patch:
-        runs-on: ubuntu-latest
-        # used for pushing patched image to GHCR
-        permissions:
-          packages: write
-        strategy:
-          fail-fast: false
-          matrix:
-            # provide relevant list of images to scan on each run
-            images:
-              - "docker.io/library/nginx:1.21.6"
-              - "docker.io/openpolicyagent/opa:0.46.0"
-              - "docker.io/library/hello-world:latest"
-        steps:
-          # generate trivy report for fixable OS package vulnerabilities
-        - name: Generate Trivy Report
-          uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
-          with:
-            scan-type: 'image'
-            format: 'json'
-            output: 'report.json'
-            ignore-unfixed: true
-            vuln-type: 'os'
-            image-ref: ${{ matrix.images }}
-
-          # check if there are OS package vulnerabilities
-        - name: Check vulnerability count
-          id: vuln_count
-          run: |
-            report_file="report.json"
-            vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs" and .Vulnerabilities!=null) | .Vulnerabilities[]] | length' "$report_file")
-            echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT
-
-          # copa action will only run if there are vulnerabilities
-        - name: Copa Action
-          if: steps.vuln_count.outputs.vuln_count != '0'
-          id: copa
-          # using latest (v1) version for illustrative purposes. make sure to pin to a digest for security and stability
-          uses: project-copacetic/copa-action@v1
-          with:
-            image: ${{ matrix.images }}
-            image-report: 'report.json'
-            patched-tag: 'patched'
-            buildkit-version: 'v0.11.6' # optional, default is latest
-            copa-version: '0.6.0' # optional, default is latest
-
-          # for other registries, see https://github.com/docker/login-action#usage
-        - name: Login to GHCR
-          if: steps.copa.conclusion == 'success'
-          uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-          with:
-            registry: ghcr.io
-            username: ${{ github.actor }}
-            password: ${{ secrets.GITHUB_TOKEN }}
-
-        - name: Docker Push Patched Image
-          if: steps.login.conclusion == 'success'
-          run: |
-            docker push ${{ steps.copa.outputs.patched-image }}
-```
+https://github.com/sozercan/copa-action/blob/1318614969da67670fc36a7be0f55c4d5c3f1de8/.github/workflows/patch.yaml#L1-L64