Skip to content

Commit

Permalink
fix: Avoid repeat installs (#6)
Browse files Browse the repository at this point in the history
This commit adds tracking and detection of when the current job has
already called setup-trivy (whether directly/indirectly) and avoids
repeatedly installing it once it has been installed
  • Loading branch information
rvesse committed Oct 15, 2024
1 parent eadb05c commit cdb9d8d
Showing 1 changed file with 22 additions and 4 deletions.
26 changes: 22 additions & 4 deletions action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,29 +19,41 @@ inputs:
runs:
using: 'composite'
steps:
- name: Check is Trivy already installed?
id: check
shell: bash
run: |
if [ "$TRIVY_INSTALLED" == "${{ inputs.version }}-${{ inputs.path }}" ]; then
echo "Trivy '${{ inputs.version }}' has already been installed by the current job, skipping reinstalling it again"
echo "installed=true" >> $GITHUB_OUTPUT
else
echo "installed=false" >> $GITHUB_OUTPUT
fi
- name: Binary dir
if: ${{ steps.check.outputs.installed == 'false' }}
id: binary-dir
shell: bash
run: echo "dir=${{ inputs.path }}/trivy-bin" >> $GITHUB_OUTPUT

## Don't cache `latest` version
- name: Check the version for caching
if: ${{ inputs.cache == 'true' && inputs.version == 'latest' }}
if: ${{ steps.check.outputs.installed == 'false' && inputs.cache == 'true' && inputs.version == 'latest' }}
shell: bash
run: |
echo "'setup-trivy' doesn't currently support caching the 'latest' version"
echo "read https://github.com/aquasecurity/setup-trivy?tab=readme-ov-file#caching for more details"
- name: Restore Trivy binary from cache
if: ${{ inputs.cache == 'true' && inputs.version != 'latest' }}
if: ${{ steps.check.outputs.installed == 'false' && inputs.cache == 'true' && inputs.version != 'latest' }}
id: cache
uses: actions/cache@v4
with:
path: ${{ steps.binary-dir.outputs.dir }}
key: trivy-binary-${{ inputs.version }}-${{ runner.os }}-${{ runner.arch }}

- name: Checkout install script
if: steps.cache.outputs.cache-hit != 'true'
if: ${{ steps.check.outputs.installed == 'false' && steps.cache.outputs.cache-hit != 'true' }}
uses: actions/checkout@v4
with:
repository: aquasecurity/trivy
Expand All @@ -52,13 +64,19 @@ runs:
fetch-depth: 1

- name: Install Trivy
if: steps.cache.outputs.cache-hit != 'true'
if: ${{ steps.check.outputs.installed == 'false' && steps.cache.outputs.cache-hit != 'true' }}
shell: bash
run: |
echo "installing Trivy binary"
bash ./trivy/contrib/install.sh -b ${{ steps.binary-dir.outputs.dir }} ${{ inputs.version }}
## Add the Trivy binary, retrieved from cache or installed by a script, to $GITHUB_PATH
- name: Add Trivy binary to $GITHUB_PATH
if: ${{ steps.check.outputs.installed == 'false' }}
shell: bash
run: echo ${{ steps.binary-dir.outputs.dir }} >> $GITHUB_PATH

- name: Set Env Var to indicate Trivy is "'setup-trivy'
if: ${{ steps.check.outputs.installed == 'false' }}
shell: bash
run: echo "TRIVY_INSTALLED=${{ inputs.version}}-${{ inputs.path}}" >> $GITHUB_ENV

0 comments on commit cdb9d8d

Please sign in to comment.