From b1f67b88e213611447e82418218b9ec6acf686df Mon Sep 17 00:00:00 2001 From: Cees-Jan Kiewiet Date: Fri, 15 Nov 2024 07:53:07 +0100 Subject: [PATCH] Preload Trivy DB GitHub's container registry has implemented some rate limiting, this will try to load the database 13 times before running Trivy. For the past few weeks almost every single image build failed due to this and it takes a dozen retries easily to get all scans to pass. --- .github/workflows/ci.yml | 14 ++++++++++++++ test-nts.sh | 2 +- test-zts.sh | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c8269a..d984e15 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -75,6 +75,13 @@ jobs: image: ${{ steps.image-matrix.outputs.image }} steps: - uses: actions/checkout@v4 + - name: Preload Trivy DB uses: nick-invision/retry@v3 with: timeout_minutes: 120 retry_wait_seconds: 1 max_attempts: 13 command: docker pull "ghcr.io/aquasecurity/trivy-db:2" - id: image-matrix name: Generate Combined Image Matrix run: |
@@ -176,6 +183,13 @@ jobs: image: ${{ fromJson(needs.image-matrix.outputs.image) }} exclude: ${{ fromJson(needs.exclude-matrix.outputs.exclude) }} steps: + - name: Preload Trivy DB uses: nick-invision/retry@v3 with: timeout_minutes: 120 retry_wait_seconds: 1 max_attempts: 13 command: docker pull "ghcr.io/aquasecurity/trivy-db:2" - uses: actions/checkout@v4 if: contains(matrix.image, 'alpine') - uses: dbhi/qus/action@main
diff --git a/test-nts.sh b/test-nts.sh
index d2a31b7..6ddcd9b 100755
--- a/test-nts.sh
+++ b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \ renatomefi/docker-testinfra:5 \ -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \ --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
index 8f7650b..a3356ad 100755
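Review bot: `uses: nick-invision/retry@v3` in the new Preload Trivy DB step pins a third-party action to a mutable tag, so whatever that tag is moved to will execute inside the job, in both the matrix-generating job (this hunk) and the matrix-consuming job (the second hunk, `@@ -176,6 +183,13 @@`); pin it to a full-length commit SHA instead, e.g. `uses: nick-invision/retry@<40-char commit SHA> # v3`, and since the action now lives at nick-fields/retry the pinned ref should be taken from there. `retry_wait_seconds: 1` with `max_attempts: 13` fires thirteen pulls at a rate-limited registry within a few seconds, which is more likely to burn through the attempts than to outlast the limit, so a wait of tens of seconds with fewer attempts would serve the stated purpose better, while `timeout_minutes: 120` per attempt is far more than a single `docker pull` needs. It is not visible here whether the later Trivy scan reads the DB from the daemon's image store or downloads it through its own client; if the latter, this pull only warms the docker cache and the scan still contacts ghcr.io, which is worth confirming before relying on the step. The seven-line step is duplicated verbatim across the two jobs, so a single definition (a composite action or reusable workflow) would keep the copies from drifting.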
--- a/test-zts.sh
+++ b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \ renatomefi/docker-testinfra:5 \ -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \ --disable-pytest-warnings \
- --verbose --hosts="docker://$DOCKER_CONTAINER"
\ No newline at end of file
+ --verbose --hosts="docker://$DOCKER_CONTAINER"