From c83e53fef9bba20e4af518162a66556bab89c513 Mon Sep 17 00:00:00 2001
From: Wantong Jiang
Date: Fri, 8 Nov 2024 22:00:34 +0000
Subject: [PATCH 1/2] fix trivy pipeline by pulling trivy image from mcr
---
 .github/workflows/trivy.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 7ac461f6..df005728 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -75,6 +75,8 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.MEMBER_NET_CONTROLLER_MANAGER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
@@ -90,6 +92,8 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.MCS_CONTROLLER_MANAGER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
 uses: aquasecurity/trivy-action@master
@@ -104,3 +108,5 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
From a5562b02c3ae1e6d06d85f32efcdf62449fb4866 Mon Sep 17 00:00:00 2001
From: Wantong Jiang
Date: Mon, 11 Nov 2024 06:53:16 +0000
Subject: [PATCH 2/2] remove java-db and add workflow-dispatcher trigger
---
 .github/workflows/trivy.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index df005728..049c6b4f 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
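Review bot: `TRIVY_USERNAME`/`TRIVY_PASSWORD`, built from `secrets.GITHUB_TOKEN`, stay in all three `env:` blocks touched by [PATCH 1/2] (hunks at -75, -90 and -104) although the vulnerability DB is now fetched from `mcr.microsoft.com`, and neither variable names a registry host. If the pair existed only to authenticate the DB pull from ghcr.io it can be dropped; if it is needed to pull the scanned image from `env.REGISTRY`, a comment such as `# registry credentials are for the scanned image, not the DB mirror` above them would record that. The same token is passed to `aquasecurity/trivy-action@master` (context lines of the second hunk), a mutable ref, so pinning the action to a full commit SHA is worth doing alongside this change. Each step begins and ends outside its hunk, so the `with:` inputs are not visible here.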
@@ -6,6 +6,7 @@ on:
 create:
 # Publish semver tags as releases.
 tags: [ 'v*.*.*' ]
+ workflow_dispatch: {}
 permissions:
 contents: read
@@ -76,7 +77,6 @@ jobs:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
- TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.MEMBER_NET_CONTROLLER_MANAGER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
@@ -93,7 +93,6 @@ jobs:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
- TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.MCS_CONTROLLER_MANAGER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
 uses: aquasecurity/trivy-action@master
@@ -109,4 +108,3 @@ jobs:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
- TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
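Review bot: `workflow_dispatch: {}` in the first hunk of [PATCH 2/2] allows a manual run from any ref, while the scan steps target `${{ env.IMAGE_VERSION }}`, whose definition is outside the hunks shown. If that value is derived from the tag that fired `create`, a manual run would scan a missing or unintended image tag; declaring a version input under `workflow_dispatch` and checking it against the `v*.*.*` pattern before use would make the manual path explicit. The three later hunks drop `TRIVY_JAVA_DB_REPOSITORY` with no reason given, so a comment like `# Java DB not mirrored here; scans needing it use Trivy's default repository` next to `TRIVY_DB_REPOSITORY` would help, if that is indeed the intent.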