Skip to content

Commit

Permalink
Fix trivydb TOOMANYREQUESTS error
Browse files Browse the repository at this point in the history
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
  • Loading branch information
nabokihms committed Oct 31, 2024
1 parent 8b93966 commit e450967
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions .github/workflows/artifacts.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -192,12 +192,35 @@ jobs:
push-to-registry: true
if: inputs.publish

## Use cache for the trivy-db to avoid the TOOMANYREQUESTS error https://github.com/aquasecurity/trivy-action/pull/397
## To avoid the trivy-db becoming outdated, we save the cache for one day
- name: Get data
id: date
run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT

- name: Restore trivy cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # 4.1.2
with:
path: cache/db
key: trivy-cache-${{ steps.date.outputs.date }}
restore-keys:
trivy-cache-

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
with:
input: image
format: sarif
output: trivy-results.sarif
scan-type: 'fs'
scan-ref: '.'
cache-dir: "./cache"

## Trivy-db uses `0600` permissions.
## But `action/cache` use `runner` user by default
## So we need to change the permissions before caching the database.
- name: change permissions for trivy.db
run: sudo chmod 0644 ./cache/db/trivy.db

- name: Upload Trivy scan results as artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
Expand Down

0 comments on commit e450967

Please sign in to comment.