From b996a4073eb955d4297e27698221663026038a9f Mon Sep 17 00:00:00 2001
From: Cees-Jan Kiewiet <ceesjank@gmail.com>
Date: Fri, 15 Nov 2024 07:53:07 +0100
Subject: [PATCH] Preload Trivy DB

GitHub's container registry has implemented some rate limiting. This
change tries to load the database up to 13 times before running Trivy.
For the past few weeks almost every single image build has failed due
to this, and it easily takes a dozen retries to get all scans to pass.
---
 .github/workflows/ci.yml | 14 ++++++++++++++
 test-nts.sh              |  2 +-
 test-zts.sh              |  2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c8269a..1043c13 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -75,6 +75,13 @@ jobs:
       image: ${{ steps.image-matrix.outputs.image }}
     steps:
       - uses: actions/checkout@v4
+      - name: Preload Trivy DB
+        uses: nick-invision/retry@v3
+        with:
+          timeout_minutes: 120
+          retry_wait_seconds: 1
+          max_attempts: 13
+          command: docker pull ghcr.io/aquasecurity/trivy-db:2
       - id: image-matrix
         name: Generate Combined Image Matrix
         run: |
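Review bot: The added step runs a third-party action through a mutable tag, `uses: nick-invision/retry@v3`, so whatever that tag points to at run time executes inside the job. Pinning it to a full commit SHA, e.g. `uses: nick-invision/retry@<full-commit-sha>  # v3`, makes the executed code reviewable and keeps a moved tag from changing it silently; the same line appears in the second hunk of this file. Separately, this job looks like the one that only generates the image matrix (its body continues outside the hunk). If the runners are ephemeral, a pull here would not warm anything for the jobs that actually scan, so it is worth confirming the step is needed in this job at all.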
@@ -176,6 +183,13 @@ jobs:
         image: ${{ fromJson(needs.image-matrix.outputs.image) }}
         exclude: ${{ fromJson(needs.exclude-matrix.outputs.exclude) }}
     steps:
+      - name: Preload Trivy DB
+        uses: nick-invision/retry@v3
+        with:
+          timeout_minutes: 120
+          retry_wait_seconds: 1
+          max_attempts: 13
+          command: docker pull ghcr.io/aquasecurity/trivy-db:2
       - uses: actions/checkout@v4
         if: contains(matrix.image, 'alpine')
       - uses: dbhi/qus/action@main
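Review bot: `retry_wait_seconds: 1` with `max_attempts: 13` retries almost immediately against a registry that is rate limiting, which is more likely to prolong the throttling than to ride it out. A longer pause such as `retry_wait_seconds: 30` would be gentler, and `timeout_minutes: 120` looks far larger than a database pull should need; the first hunk uses the same values. It is also not visible from this hunk how Trivy consumes the result: `docker pull` puts the content into Docker's image store, and if the scan step downloads the DB into Trivy's own cache the preload may not prevent the later fetch. A short comment above the step, e.g. `# Warm the Trivy DB before the scan; reused by <scan step> via <mechanism>`, would make that intent checkable.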
diff --git a/test-nts.sh b/test-nts.sh
index d2a31b7..6ddcd9b 100755
--- a/test-nts.sh
+++ b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+    --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
index 8f7650b..a3356ad 100755
--- a/test-zts.sh
+++ b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+    --verbose --hosts="docker://$DOCKER_CONTAINER"