Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while retrieving the default branch name #418

Closed
BAiler-ai opened this issue Oct 18, 2024 · 10 comments · Fixed by #421
Closed

Error while retrieving the default branch name #418

BAiler-ai opened this issue Oct 18, 2024 · 10 comments · Fixed by #421

Comments

@BAiler-ai
Copy link

BAiler-ai commented Oct 18, 2024
edited
Loading

I am trying to use the latest master version (0.28.0) to scan a docker image from a private registry. We are currently on version 0.25.0
The action fails while it trys to resolve the default branch. I havn't found a flag to set the default branch for the action. I am currently testing it on a separate branch which is up-to-date with the default (master) branch. I tried to set a github-pat but it hasn't fixed it.

The error is:
Determining the default branch
Retrieving the default branch name
Not Found - https://docs.github.com/[email protected]/rest/repos/repos#get-a-repository
@simar7
Copy link
Member

simar7 commented Oct 19, 2024

hi @BAiler-ai trying to understand your question, how do you specify the action to use in GitHub workflow? It should be as such

   - name: Run Trivy vulnerability scanner
        uses: aquasecurity/[email protected]

That will use the released v0.28.0 version from the master branch.

@BAiler-ai
Copy link
Author

Hi @simar7 yes very similar I just tried the @master version instead of a fixed version.

@uhei
Copy link

uhei commented Oct 21, 2024

We have the same error. We're running

      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'repo'
          ignore-unfixed: true
          severity: 'MEDIUM,HIGH,CRITICAL'
          scanners: 'secret'
          hide-progress: true
          exit-code: '1'

on a Github Enterprise Server 3.13. Problem seems that the action 'actions/checkout' (which is called by 'actions/cache' which is called by 'aquasecurity/setup-trivy') is calling Get a repository.

For a 'Internal' or 'Private' repo we receive there a '404 Not found'.

It seems that the required token is not forwarded as needed in the actions chain (just a guess).

@uhei
Copy link

uhei commented Oct 21, 2024
edited
Loading

We have the same error. We're running

      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'repo'
          ignore-unfixed: true
          severity: 'MEDIUM,HIGH,CRITICAL'
          scanners: 'secret'
          hide-progress: true
          exit-code: '1'

on a Github Enterprise Server 3.13. Problem seems that the action 'actions/checkout' (which is called by 'actions/cache' which is called by 'aquasecurity/setup-trivy') is calling Get a repository.

For a 'Internal' or 'Private' repo we receive there a '404 Not found'.

It seems that the required token is not forwarded as needed in the actions chain (just a guess).

Update: issue is not "our" 'Internal' or 'Private' repo. Issue seems that 'actions/checkout' is trying to get the default branch of repo 'https://github.<##redacted##>/aquasecurity/trivy' on our internal Enterprise Server. This repo does (of course) not exists here (it should be 'https://github.com/aquasecurity/trivy').

@uhei
Copy link

uhei commented Oct 21, 2024

Issue already documented in aquasecurity/setup-trivy#10

@DmitriyLewen DmitriyLewen mentioned this issue Oct 22, 2024
Merged
1 task
@DmitriyLewen
Copy link
Contributor

Hi all!

I created 2 PRs:

But i don't have GHES to test it (my local runner works correctly).

Can you test these changes to make sure they work for GHES?

@BAiler-ai
Copy link
Author

Hi @DmitriyLewen the PR aquasecurity/setup-trivy#12 worked for me at least once I set an github.com token as input parameter. Is this the expected behavior so I need a valid github.com token to run the action?

@DmitriyLewen
Copy link
Contributor

Hello @BAiler-ai

so I need a valid github.com token to run the action?

Right.
github.token for GHES is not valid for https://github.com server.
But GitHub still checks token (i don't know why and for what) when checkout public repository.

You can use https://github.com/actions/create-github-app-token to create this token.

@DmitriyLewen DmitriyLewen mentioned this issue Oct 23, 2024
Merged
@m-breitbach
Copy link

For our use case, the effort of setting up the app token seems to be unjustified. We will just add a manual install step using curl (as was done by the trivy-action before) and set skip-setup-trivy: true for now.

@DmitriyLewen
Copy link
Contributor

Hi @m-breitbach
We also wanted to use curl, but some users don't have curl, sudo, etc. in their runner (see #403)

So we are trying to find ways for all users.

So it's great that trivy-action has way to solve your problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add token for setup-trivy DmitriyLewen/trivy-action
5 participants
@simar7 @uhei @m-breitbach @DmitriyLewen @BAiler-ai