-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Allow skipping setup #414
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add examples to README.md
using setup-trivy
action + skip-setup-trivy
input?
323bf39
to
b0d6293
Compare
Yes, added examples of both calling |
If a user is invoking the action multiple times then the trivy binary gets installed multiple times. Users can avoid this by managing the installation themselves and setting the skip-setup input to true, or by letting the action install in on their first invocation and then setting skip-setup to true on subsequent invocations
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@simar7 wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Would love to use this. Could we have a v0.29.0 release for the action? |
Hello @antoninbas But you can use commit number or master branch. |
If a user is invoking the action multiple times then the trivy binary gets installed multiple times. Users can avoid this by managing the installation themselves and setting the skip-setup input to true, or by letting the action install in on their first invocation and then setting skip-setup to true on subsequent invocations
This is an alternative solution to aquasecurity/setup-trivy#7 as discussed in that PR to address aquasecurity/setup-trivy#6
By allowing users to control whether the call to the
setup-trivy
action is made they can control how thetrivy
binary is installed, and avoid installing it multiple times if they have workflows that calltrivy
multiple times.Added an example test at https://github.com/rvesse/setup-trivy-debugging/blob/main/.github/workflows/setup-trivy-indirect-fixed.yml with job output at https://github.com/rvesse/setup-trivy-debugging/actions/runs/11342576655/job/31543286568 where we can see that Trivy is no longer installed multiple times