From c8a6442753bbd2b0fa916df7c259d0e624965126 Mon Sep 17 00:00:00 2001
From: Andy Newton
Date: Mon, 7 Oct 2024 16:15:01 +0100
Subject: [PATCH] ci: specify a different repository for trivy-db to avoid ratelimit errors seen on CD runs
---
 .github/workflows/docker.yaml | 2 ++
 .github/workflows/security-docker.yaml | 2 ++
 .github/workflows/security-terraform.yaml | 2 ++
 app/api/.gitignore | 2 +-
 app/cdn/.gitignore | 2 +-
 app/internal/.gitignore | 2 +-
 app/selfserve/.gitignore | 2 +-
 7 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 9ebf5ecac4..d36545fe0f 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -122,6 +122,8 @@ jobs:
 with:
 image-ref: ${{ steps.build-and-push.outputs.imageid }}
 skip-dirs: /var/clamav
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 - name: Setup Notation CLI
 if: ${{ inputs.push }}
diff --git a/.github/workflows/security-docker.yaml b/.github/workflows/security-docker.yaml
index 2d983c1098..2e67b22fae 100644
--- a/.github/workflows/security-docker.yaml
+++ b/.github/workflows/security-docker.yaml
@@ -22,6 +22,8 @@ jobs:
 output: "trivy-results.sarif"
 severity: "MEDIUM,HIGH,CRITICAL"
 limit-severities-for-sarif: true
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 - name: Upload Results to GitHub Code Scanning
 if: ${{ always() }}
 uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/security-terraform.yaml b/.github/workflows/security-terraform.yaml
index cc836bfe69..2d30b74598 100644
--- a/.github/workflows/security-terraform.yaml
+++ b/.github/workflows/security-terraform.yaml
@@ -22,6 +22,8 @@ jobs:
 output: "trivy-results.sarif"
 severity: "CRITICAL"
 limit-severities-for-sarif: true
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 - name: Upload Results to GitHub Code Scanning
 if: ${{ always() }}
 uses: github/codeql-action/upload-sarif@v3
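Review bot: The new `env:` block on the Trivy step in docker.yaml overrides only `TRIVY_DB_REPOSITORY`, so an image scan that encounters Java artifacts would still pull the Java index database from its default registry and can fail on the same rate limit; the identical addition in security-docker.yaml has the same gap. Consider adding `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1` next to it in both image-scan steps. The value also names a single registry with no fallback, so if the Trivy release pinned by the action accepts a comma-separated list here, a second repository would keep the scan from failing outright when one mirror is throttled or unavailable. In security-terraform.yaml the scan type is not visible in the hunk; if that step is a configuration scan, the vulnerability-database setting may have no effect there and is worth confirming. All three step definitions begin above their hunks, so the action version and remaining inputs could not be checked.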
diff --git a/app/api/.gitignore b/app/api/.gitignore
index 89599cda86..641dc61339 100644
--- a/app/api/.gitignore
+++ b/app/api/.gitignore
@@ -26,4 +26,4 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613
diff --git a/app/cdn/.gitignore b/app/cdn/.gitignore
index d8ffa0ed00..0f6ea98690 100644
--- a/app/cdn/.gitignore
+++ b/app/cdn/.gitignore
@@ -26,4 +26,4 @@ composer.lock
 editorconfig.org
 assets/vendor
 .scannerwork/
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613
diff --git a/app/internal/.gitignore b/app/internal/.gitignore
index 4c610caeb1..4bd582e93c 100644
--- a/app/internal/.gitignore
+++ b/app/internal/.gitignore
@@ -27,5 +27,5 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613
diff --git a/app/selfserve/.gitignore b/app/selfserve/.gitignore
index 3a4a4fb49d..a5f6631dfc 100644
--- a/app/selfserve/.gitignore
+++ b/app/selfserve/.gitignore
@@ -26,5 +26,5 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613