Fix TOOMANYREQUESTS failure in Trivy Action
Signed-off-by: tao.yang <[email protected]>
ty-dc committed Nov 14, 2024
1 parent cdc0e82 commit 7faf845
Showing 3 changed files with 20 additions and 23 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-image-ci.yaml
@@ -182,7 +182,7 @@ jobs:
# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
push: ${{ env.push }}
platforms: linux/amd64
outputs: type=tar,dest=/tmp/${{ matrix.name }}-race.tar
outputs: type=docker,dest=/tmp/${{ matrix.name }}-race.tar
github-token: ${{ secrets.WELAN_PAT }}
tags: |
${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-race
@@ -231,7 +231,7 @@ jobs:
push: ${{ env.push }}
platforms: linux/amd64
github-token: ${{ secrets.WELAN_PAT }}
outputs: type=tar,dest=/tmp/${{ matrix.name }}-race.tar
outputs: type=docker,dest=/tmp/${{ matrix.name }}-race.tar
tags: |
${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-race
build-args: |
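Review bot: The switch to `type=docker` in both `outputs:` lines carries no comment explaining why the exporter matters, and the only nearby comment is about the docker cache. `type=docker` writes an image archive in the format `docker load` and Trivy's archive input read, whereas the earlier `type=tar` wrote a flat root filesystem; a line such as `# type=docker: image archive (docker load format), needed by the Trivy scan's input:` above each `outputs:` would keep it from being reverted. The docker exporter generally cannot write a multi-platform result, so this also ties both steps to the single `platforms: linux/amd64` entry, which is worth stating in the same comment. Both build steps start and end outside the hunks shown.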
38 changes: 18 additions & 20 deletions .github/workflows/trivy-scan-image.yaml
@@ -34,25 +34,23 @@ jobs:
with:
name: image-tar-spiderpool-controller
path: test/.download

- name: List downloaded files
run: ls -al test/.download

- name: Load And Scan Images
run: |
TAR_FILES=` ls test/.download `
echo $TAR_FILES
for ITEM in $TAR_FILES ; do
IMAGE_NAME=${ITEM%*.tar}
echo ${IMAGE_NAME}
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }}
echo "---------trivy checkout image ${IMAGE_NAME}:${{ inputs.image_tag }} --------------------"
make lint_image_trivy -e IMAGE_NAME=${IMAGE_NAME}:${{ inputs.image_tag }} \
|| { echo "RUN_IMAGE_TRIVY_FAIL=true" >> $GITHUB_ENV ; echo "error, image ${IMAGE_NAME}:${{ inputs.image_tag }} is bad" ; }
done
# https://github.com/aquasecurity/trivy-action/issues/389
- name: load and scan spiderpool-agent image
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db
with:
input: test/.download/spiderpool-agent-race.tar
severity: 'CRITICAL,HIGH'

- name: Show Trivy Scan Report
run: |
if [ "${{ env.RUN_IMAGE_TRIVY_FAIL }}" == "true" ] ; then
echo "error, image is not secure, see detail on Step 'Load And Scan Images' "
exit 1
else
exit 0
fi
- name: load and scan spiderpool-controller image
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db
with:
input: test/.download/spiderpool-controller-race.tar
severity: 'CRITICAL,HIGH'
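Review bot: Neither new scan step sets `exit-code`, and trivy-action leaves it at 0 unless told otherwise, so CRITICAL/HIGH findings are reported but no longer fail the job. The removed steps recorded `RUN_IMAGE_TRIVY_FAIL=true` and ended with `exit 1`, so this drops the gate the workflow had before. Adding `exit-code: '1'` under `with:` in both the spiderpool-agent and spiderpool-controller steps restores it. The action reference is garbled on this page but appears to be a version tag; pinning `uses:` to a full commit SHA would keep a moved tag from changing what runs in this job. The archive names are now hard-coded per image, so an image added to the build matrix later is not scanned until a matching step is added here.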
1 change: 0 additions & 1 deletion Makefile
@@ -501,4 +501,3 @@ lint_chart_trivy:
.PHONY: build-chart
build-chart:
@ cd charts ; make
