-
Notifications
You must be signed in to change notification settings - Fork 77
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix TOOMANYREQUESTS failure in Trivy Action
Signed-off-by: tao.yang <[email protected]>
- Loading branch information
Showing
4 changed files
with
27 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,24 +35,22 @@ jobs: | |
name: image-tar-spiderpool-controller | ||
path: test/.download | ||
|
||
- name: Load And Scan Images | ||
run: | | ||
TAR_FILES=` ls test/.download ` | ||
echo $TAR_FILES | ||
for ITEM in $TAR_FILES ; do | ||
IMAGE_NAME=${ITEM%*.tar} | ||
echo ${IMAGE_NAME} | ||
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }} | ||
echo "---------trivy checkout image ${IMAGE_NAME}:${{ inputs.image_tag }} --------------------" | ||
make lint_image_trivy -e IMAGE_NAME=${IMAGE_NAME}:${{ inputs.image_tag }} \ | ||
|| { echo "RUN_IMAGE_TRIVY_FAIL=true" >> $GITHUB_ENV ; echo "error, image ${IMAGE_NAME}:${{ inputs.image_tag }} is bad" ; } | ||
done | ||
- name: List downloaded files | ||
run: ls -al test/.download | ||
|
||
- name: Show Trivy Scan Report | ||
run: | | ||
if [ "${{ env.RUN_IMAGE_TRIVY_FAIL }}" == "true" ] ; then | ||
echo "error, image is not secure, see detail on Step 'Load And Scan Images' " | ||
exit 1 | ||
else | ||
exit 0 | ||
fi | ||
# https://github.com/aquasecurity/trivy-action/issues/389 | ||
- name: load and scan spiderpool-agent image | ||
uses: aquasecurity/[email protected] | ||
env: | ||
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db | ||
with: | ||
input: test/.download/spiderpool-agent-race.tar | ||
severity: 'CRITICAL,HIGH' | ||
|
||
- name: load and scan spiderpool-controller image | ||
uses: aquasecurity/[email protected] | ||
env: | ||
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db | ||
with: | ||
input: test/.download/spiderpool-controller-race.tar | ||
severity: 'CRITICAL,HIGH' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -501,4 +501,3 @@ lint_chart_trivy: | |
.PHONY: build-chart | ||
build-chart: | ||
@ cd charts ; make | ||
|