From b996a4073eb955d4297e27698221663026038a9f Mon Sep 17 00:00:00 2001
From: Cees-Jan Kiewiet
Date: Fri, 15 Nov 2024 07:53:07 +0100
Subject: [PATCH] Preload Trivy DB

GitHub's container registry has implemented some rate limiting, this will try to load the database 13 times before running Trivy. For the past few weeks almost every single image build failed due to this and it takes a dozen retries easily to get all scans to pass.
---
 .github/workflows/ci.yml | 14 ++++++++++++++
 test-nts.sh | 2 +-
 test-zts.sh | 2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c8269a8..1043c139 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -75,6 +75,13 @@ jobs:
 image: ${{ steps.image-matrix.outputs.image }}
 steps:
 - uses: actions/checkout@v4
+ - name: Preload Trivy DB
+ uses: nick-invision/retry@v3
+ with:
+ timeout_minutes: 120
+ retry_wait_seconds: 1
+ max_attempts: 13
+ command: docker pull ghcr.io/aquasecurity/trivy-db:2
 - id: image-matrix
 name: Generate Combined Image Matrix
 run: |
@@ -176,6 +183,13 @@ jobs:
 image: ${{ fromJson(needs.image-matrix.outputs.image) }}
 exclude: ${{ fromJson(needs.exclude-matrix.outputs.exclude) }}
 steps:
+ - name: Preload Trivy DB
+ uses: nick-invision/retry@v3
+ with:
+ timeout_minutes: 120
+ retry_wait_seconds: 1
+ max_attempts: 13
+ command: docker pull ghcr.io/aquasecurity/trivy-db:2
 - uses: actions/checkout@v4
 if: contains(matrix.image, 'alpine')
 - uses: dbhi/qus/action@main
diff --git a/test-nts.sh b/test-nts.sh
index d2a31b75..6ddcd9b0 100755
--- a/test-nts.sh
+++ b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
index 8f7650b7..a3356ad8 100755
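Review bot: The new `Preload Trivy DB` step in the `@@ -75,6 +75,13 @@` hunk of `.github/workflows/ci.yml` references `nick-invision/retry@v3`, a third-party action pinned to a movable tag, so whoever controls that tag controls the code this job runs. The identical line in the `@@ -176,6 +183,13 @@` hunk has the same exposure. Pin both to a full commit SHA and keep the tag as a comment, `uses: nick-invision/retry@<full-commit-sha> # v3`, letting Dependabot or Renovate propose the bumps. The action appears to have moved to the `nick-fields` owner since, in which case the old owner name resolves only through a redirect; confirm that and reference the current name. Both jobs continue outside the hunks, so the token permissions this step runs with are not visible here.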
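Review bot: `retry_wait_seconds: 1` in the `Preload Trivy DB` step of the `@@ -176,6 +183,13 @@` hunk (and identically in `@@ -75,6 +75,13 @@`) fires all 13 attempts within seconds of each other, which is unlikely to outlast a registry rate-limit window and only adds requests against the limiter. `timeout_minutes: 120` also lets a hung pull hold a runner for up to two hours per attempt, assuming the action applies the timeout per attempt as its documentation describes. Values closer to `retry_wait_seconds: 30` and `timeout_minutes: 5` would match the stated purpose better. The scan step lies outside the hunk, so it is not visible whether Trivy reuses what `docker pull` fetched; Trivy normally reads its database from its own cache directory rather than the Docker image store, so that is worth confirming before relying on this step.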
--- a/test-zts.sh
+++ b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
 renatomefi/docker-testinfra:5 \
 -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
 --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"