From b996a4073eb955d4297e27698221663026038a9f Mon Sep 17 00:00:00 2001
From: Cees-Jan Kiewiet
Date: Fri, 15 Nov 2024 07:53:07 +0100
Subject: [PATCH] Preload Trivy DB

GitHub's container registry has implemented some rate limiting, this will try to load the database 13 times before running Trivy. For the past few weeks almost every single image build failed due to this and it takes a dozen retries easily to get all scans to pass.
---
 .github/workflows/ci.yml | 14 ++++++++++++++
 test-nts.sh | 2 +-
 test-zts.sh | 2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c8269a..1043c13 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -75,6 +75,13 @@ jobs:
 image: ${{ steps.image-matrix.outputs.image }}
 steps:
 - uses: actions/checkout@v4
+ - name: Preload Trivy DB
+ uses: nick-invision/retry@v3
+ with:
+ timeout_minutes: 120
+ retry_wait_seconds: 1
+ max_attempts: 13
+ command: docker pull ghcr.io/aquasecurity/trivy-db:2
 - id: image-matrix
 name: Generate Combined Image Matrix
 run: |
@@ -176,6 +183,13 @@ jobs:
 image: ${{ fromJson(needs.image-matrix.outputs.image) }}
 exclude: ${{ fromJson(needs.exclude-matrix.outputs.exclude) }}
 steps:
+ - name: Preload Trivy DB
+ uses: nick-invision/retry@v3
+ with:
+ timeout_minutes: 120
+ retry_wait_seconds: 1
+ max_attempts: 13
+ command: docker pull ghcr.io/aquasecurity/trivy-db:2
 - uses: actions/checkout@v4
 if: contains(matrix.image, 'alpine')
 - uses: dbhi/qus/action@main
diff --git a/test-nts.sh b/test-nts.sh
index d2a31b7..6ddcd9b 100755
--- a/test-nts.sh
+++ b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
index 8f7650b..a3356ad 100755
--- a/test-zts.sh
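Review bot: `uses: nick-invision/retry@v3` in the added `Preload Trivy DB` step references a third-party action by a mutable tag, so whoever controls that tag (or the account name, which I believe has since moved to `nick-fields`) decides what code runs in this job; pin it to a full commit SHA, e.g. `uses: nick-fields/retry@<full-commit-sha> # v3`. The identical step added by the second ci.yml hunk (`@@ -176,6 +183,13 @@`) needs the same pin. Separately, `retry_wait_seconds: 1` retries a rate-limited registry almost immediately and `timeout_minutes: 120` applies to each of the 13 attempts; a wait of tens of seconds and a timeout of a few minutes would fit the stated purpose better. Both jobs' step lists continue outside the hunks, so it is worth confirming that `docker pull ghcr.io/aquasecurity/trivy-db:2` actually populates the cache the later Trivy step reads, because the DB is published as an OCI artifact rather than a runnable image.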
+++ b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"