[Test] Add tags to interop images for vulnerability scan exclusion (#36695)

Updated create_matrix_images.py to add an additional tag, infrastructure-public-image-ORIGINAL_TAG to a new image to be excluded from the GCP Vulnerability scanner. Closes #36695 COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36695 from arjan-bal:docker-tag-interop-images 28b6a14dc0 PiperOrigin-RevId: 636996322
6 months ago · aa83a3fe32
parent ac303a09f6
commit aa83a3fe32
1 changed files with 7 additions and 0 deletions
--- a/tools/interop_matrix/create_matrix_images.py
+++ b/tools/interop_matrix/create_matrix_images.py
@ -409,7 +409,14 @@ for lang in languages:
            jobset.message("START", "Uploading %s" % image, do_newline=True)
            # docker image name must be in the format <gcr_path>/<image>:<gcr_tag>
            assert image.startswith(args.gcr_path) and image.find(":") != -1
+            # Add a tag to exclude the image from the GCP Vulnerability Scanner.
+            (image_name, tag_name) = image.rsplit(":", 1)
+            alternate_image = (
+                f"{image_name}:infrastructure-public-image-{tag_name}"
+            )
+            subprocess.call(["docker", "image", "tag", image, alternate_image])
            subprocess.call(["gcloud", "docker", "--", "push", image])
+            subprocess.call(["gcloud", "docker", "--", "push", alternate_image])
        else:
            # Uploading (and overwriting images) by default can easily break things.
            print(