-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: bump setup-trivy
and add new contrib
directory path info
#424
Conversation
@simar7 tests fail. |
@DmitriyLewen We do not use trivy-checks here. We created a copy of the package so that small changes in trivy-checks would not affect the tests. |
Apparently the tests use a copy of the old package before migrating to Rego, so if the package download fails due to a 429 error, Trivy uses the embedded checks. |
Got it! Thanks for checking. I have one more question: |
@DmitriyLewen Unfortunately there is no such option. |
@nikpivkin I just did https://github.com/aquasecurity/trivy-action/actions/runs/11512481974/job/32047569473 although re-running the tests they're still red. Do we have to update the tests themselves too? Maybe we should run this as a cron job to update these. |
Co-authored-by: simar7 <[email protected]>
@DmitriyLewen @nikpivkin I merged it for now, let's fix the tests in another PR. |
The tests were deleted here #387 , so they need to be restored |
Then there is no point in keeping a copy of the checks bundle. What if we use custom checks for tests to get rid of this dependency? |
Description
Before migrating to composite action
contrib
dir was stored in/contrib
.But we can't use that path now.
This PR:
setup-trivy
tov0.2.2
. This version keepscontrib
dir next totrivy
binary ($HOME/.local/bin/trivy-bin/contrib
).Test run - https://github.com/DmitriyLewen/test-trivy-action/actions/runs/11493490734/job/31989270311
Related Issues
Related PRs