charts/tools/gate/jarvis/standard-container/assets/playbooks/roles/images/tasks/main.yaml

- name: Image Build
  block:
    #Build docker image using Makefile given git repository location to clone code from
    - name: Build Docker Image for "{{ image_name }}"
      shell: docker build -t "{{ image_fullname }}" .
      args:
        chdir: "{{ build.checkout_loc }}/{{ path }}"
  when: ("{{ stage }}" == "build")
  become: true
- name: Tag and Push Image
  block:
    - name: Tag image to Harbor url
      shell: docker tag "{{ image_fullname }}" "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
    - name: Push image to Harbor
      shell: docker push "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
  when: ( stage == "push")
- name: Get Scan Results
  block:
    #Scan results may take some time, putting in some retries and a delay to determine if scan results get finished
    - name: output the request
      shell: echo "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"

    - name: Get Scan Results
      uri:
        validate_certs: false
        url: "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
        method: GET
        body_format: "json"
        headers:
          accept: "application/json"
          X-Request-Id: "12345"
          #Change to encoded from configmap
          authorization: "Basic YWRtaW46SGFyYm9yMTIzNDU="
      register: result
      until: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].scan_status == "Success"
      retries: 5
      delay: 30

    - name: Check Scan Results Summary for High and Critical CVE
      #shell: echo '{{ result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"] }}'
      set_fact:
        image_status: "Vulnerable"
      when: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].severity in ("High","Critical")
  when: ( stage  == "scan_results")