rename scan-defectdojo to what it actually does crossguard

helm/templates/_scan-defectdojo.yaml

@@ -1,33 +0,0 @@
-{{- define "template.scan-defectdojo" }}
-- name: scan-defectdojo
-      container:
-        image: pulumi/pulumi:3.154.0
-        env:
-          - name: PULUMI_ACCESS_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: amp-security-pipeline-secrets
-                key: PULUMI_ACCESS_TOKEN
-          - name: AWS_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                name: amp-security-pipeline-secrets
-                key: AWS_ACCESS_KEY_ID
-          - name: AWS_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                name: amp-security-pipeline-secrets
-                key: AWS_SECRET_ACCESS_KEY
-        command:
-          - sh
-          - -c
-        args:
-          - |
-            set -eu
-            mkdir -p /workspace/reports
-            cd /workspace
-            pulumi preview --policy-pack ./policy-pack > /workspace/reports/crossguard.json 2>&1 || true
-      volumeMounts:
-        - name: workspace
-          mountPath: /workspace
-{{- end }}

helm/templates/_scan-pulumi-crossguard.yaml

@@ -0,0 +1,36 @@
+{{- define "template.scan-pulumi-crossguard" -}}
+- name: scan-pulumi-crossguard
+  inputs:
+    parameters:
+      - name: working-dir
+  container:
+    image: {{ .Values.images.pulumiCrossguard | quote }}
+    env:
+      - name: PULUMI_ACCESS_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: amp-security-pipeline-secrets
+            key: PULUMI_ACCESS_TOKEN
+      - name: AWS_ACCESS_KEY_ID
+        valueFrom:
+          secretKeyRef:
+            name: amp-security-pipeline-secrets
+            key: AWS_ACCESS_KEY_ID
+      - name: AWS_SECRET_ACCESS_KEY
+        valueFrom:
+          secretKeyRef:
+            name: amp-security-pipeline-secrets
+            key: AWS_SECRET_ACCESS_KEY
+    command:
+      - sh
+      - -c
+    args:
+      - |
+        set -eu
+        mkdir -p /workspace/reports
+        cd "/workspace/{{ `{{inputs.parameters.working-dir}}` }}"
+        pulumi preview --policy-pack "{{ .Values.pulumi.policyPackPath }}" > /workspace/reports/pulumi-crossguard.json 2>&1 || true
+    volumeMounts:
+      - name: workspace
+        mountPath: /workspace
+{{- end }}