From 053fe7846049d81e6a6a2d0b40fa516f03da63ec Mon Sep 17 00:00:00 2001
From: Cees-Jan Kiewiet
Date: Fri, 15 Nov 2024 07:53:07 +0100
Subject: [PATCH] Preload Trivy DB

GitHub's container registry has implemented some rate limiting, this will try to load the database 13 times before running Trivy. For the past few weeks almost every single image build failed due to this and it takes a dozen retries easily to get all scans to pass.
---
 .github/workflows/ci.yml | 7 +++++++
 test-nts.sh | 2 +-
 test-zts.sh | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c8269a..e81259c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -75,6 +75,13 @@ jobs:
 image: ${{ steps.image-matrix.outputs.image }}
 steps:
 - uses: actions/checkout@v4
+ - name: Preload Trivy DB
+ uses: nick-invision/retry@v3
+ with:
+ timeout_minutes: 120
+ retry_wait_seconds: 1
+ max_attempts: 13
+ command: docker pull "ghcr.io/aquasecurity/trivy-db:2"
 - id: image-matrix
 name: Generate Combined Image Matrix
 run: |
diff --git a/test-nts.sh b/test-nts.sh
index d2a31b7..6ddcd9b 100755
--- a/test-nts.sh
+++ b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
index 8f7650b..a3356ad 100755
--- a/test-zts.sh
+++ b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
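Review bot: In the `.github/workflows/ci.yml` hunk the new "Preload Trivy DB" step runs a third-party action by mutable tag, `uses: nick-invision/retry@v3`, so whatever that tag points to at run time executes inside this job. Pin it to a full commit SHA, e.g. `uses: nick-invision/retry@<full-commit-sha> # v3` (placeholder; resolve the SHA from the action's v3 release). In the same step, `retry_wait_seconds: 1` re-hits a rate-limited registry almost immediately up to 13 times, and `timeout_minutes: 120` appears to apply per attempt, so one hung pull can hold the runner for two hours. A wait of tens of seconds and a timeout of a few minutes would suit a single pull better. It is also worth confirming that the later Trivy scan, which is outside this hunk, actually reuses what `docker pull` fetched, since the pull lands in the Docker image store rather than, as far as I know, in Trivy's own DB cache.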