From 4cf7bf2d57864b0d0826ab42a23ae0b65e46a7f5 Mon Sep 17 00:00:00 2001
From: ada
Date: Mon, 20 Apr 2026 18:08:25 -0600
Subject: [PATCH] rename scan-defectdojo to what it actually does crossguard
---
helm/templates/_scan-defectdojo.yaml | 33 -------------------
helm/templates/_scan-pulumi-crossguard.yaml | 36 +++++++++++++++++++++
2 files changed, 36 insertions(+), 33 deletions(-)
delete mode 100644 helm/templates/_scan-defectdojo.yaml
create mode 100644 helm/templates/_scan-pulumi-crossguard.yaml
diff --git a/helm/templates/_scan-defectdojo.yaml b/helm/templates/_scan-defectdojo.yaml
deleted file mode 100644
index 0c45ebd..0000000
--- a/helm/templates/_scan-defectdojo.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- define "template.scan-defectdojo" }}
-- name: scan-defectdojo
- container:
- image: pulumi/pulumi:3.154.0
- env:
- - name: PULUMI_ACCESS_TOKEN
- valueFrom:
- secretKeyRef:
- name: amp-security-pipeline-secrets
- key: PULUMI_ACCESS_TOKEN
- - name: AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: amp-security-pipeline-secrets
- key: AWS_ACCESS_KEY_ID
- - name: AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: amp-security-pipeline-secrets
- key: AWS_SECRET_ACCESS_KEY
- command:
- - sh
- - -c
- args:
- - |
- set -eu
- mkdir -p /workspace/reports
- cd /workspace
- pulumi preview --policy-pack ./policy-pack > /workspace/reports/crossguard.json 2>&1 || true
- volumeMounts:
- - name: workspace
- mountPath: /workspace
-{{- end }}
diff --git a/helm/templates/_scan-pulumi-crossguard.yaml b/helm/templates/_scan-pulumi-crossguard.yaml
new file mode 100644
index 0000000..35fa511
--- /dev/null
+++ b/helm/templates/_scan-pulumi-crossguard.yaml
@@ -0,0 +1,36 @@
+{{- define "template.scan-pulumi-crossguard" -}}
+- name: scan-pulumi-crossguard
+ inputs:
+ parameters:
+ - name: working-dir
+ container:
+ image: {{ .Values.images.pulumiCrossguard | quote }}
+ env:
+ - name: PULUMI_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: amp-security-pipeline-secrets
+ key: PULUMI_ACCESS_TOKEN
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: amp-security-pipeline-secrets
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: amp-security-pipeline-secrets
+ key: AWS_SECRET_ACCESS_KEY
+ command:
+ - sh
+ - -c
+ args:
+ - |
+ set -eu
+ mkdir -p /workspace/reports
+ cd "/workspace/{{ `{{inputs.parameters.working-dir}}` }}"
+ pulumi preview --policy-pack "{{ .Values.pulumi.policyPackPath }}" > /workspace/reports/pulumi-crossguard.json 2>&1 || true
+ volumeMounts:
+ - name: workspace
+ mountPath: /workspace
+{{- end }}
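Review bot: In the `args` script, the `cd` line lets Argo paste `inputs.parameters.working-dir` into the shell text before `sh` parses it, so the double quotes do not make it data: a value with shell metacharacters or `../` segments is interpreted by the shell or leaves `/workspace`, in a container that holds `PULUMI_ACCESS_TOKEN` and both AWS keys. Pass the parameter through the environment instead: add an `env` entry `- name: WORKING_DIR` with `value: "{{inputs.parameters.working-dir}}"` (escaped for Helm the same way as the existing reference) and change the line to `cd "/workspace/${WORKING_DIR}"`, ideally after rejecting values that start with `/` or contain `..`. Who can set `working-dir` is not visible in this patch, so the exposure depends on the calling workflow. Separately, `2>&1 || true` still lets the step succeed when the preview fails or the policy pack reports violations, and it mixes stderr into a file named `.json`; confirm a later step actually gates on that report.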