Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: bump setup-trivy and add new contrib directory path info #424

Merged
merged 8 commits into from
Oct 25, 2024

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Oct 24, 2024

Description

Before migrating to composite action contrib dir was stored in /contrib.

But we can't use that path now.
This PR:

  • bump setup-trivy to v0.2.2. This version keeps contrib dir next to trivy binary ($HOME/.local/bin/trivy-bin/contrib).
  • update README.MD about using templates.

Test run - https://github.com/DmitriyLewen/test-trivy-action/actions/runs/11493490734/job/31989270311

Related Issues

Related PRs

@DmitriyLewen
Copy link
Contributor Author

@simar7 tests fail.
Are there any changes in trivy-checks that could be causing this?

@nikpivkin
Copy link
Contributor

@DmitriyLewen We do not use trivy-checks here. We created a copy of the package so that small changes in trivy-checks would not affect the tests.

@DmitriyLewen
Copy link
Contributor Author

hm... then I have no idea why the tests fail...

i updated readme file in last commit.
for last commit tests fail
for previous commit tests passed
изображение

@nikpivkin
Copy link
Contributor

@simar7 did you run this action to upgrade the package to version 1?

@nikpivkin
Copy link
Contributor

Apparently the tests use a copy of the old package before migrating to Rego, so if the package download fails due to a 429 error, Trivy uses the embedded checks.

@DmitriyLewen
Copy link
Contributor Author

Got it! Thanks for checking.

I have one more question:
Is it possible to disable the use of embedded checks and simply return an error when receiving a 429 error?

@nikpivkin
Copy link
Contributor

@DmitriyLewen Unfortunately there is no such option.

@simar7
Copy link
Member

simar7 commented Oct 25, 2024

@simar7 did you run this action to upgrade the package to version 1?

@nikpivkin I just did https://github.com/aquasecurity/trivy-action/actions/runs/11512481974/job/32047569473 although re-running the tests they're still red. Do we have to update the tests themselves too?

Maybe we should run this as a cron job to update these.

@simar7 simar7 self-requested a review October 25, 2024 06:22
README.md Outdated Show resolved Hide resolved
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
@simar7 simar7 self-requested a review October 25, 2024 06:44
@simar7 simar7 merged commit d2a392a into aquasecurity:master Oct 25, 2024
1 of 2 checks passed
@simar7
Copy link
Member

simar7 commented Oct 25, 2024

@DmitriyLewen @nikpivkin I merged it for now, let's fix the tests in another PR.

@DmitriyLewen DmitriyLewen deleted the fix/contrib-dir branch October 25, 2024 06:46
@nikpivkin
Copy link
Contributor

Do we have to update the tests themselves too?

The tests were deleted here #387 , so they need to be restored

@nikpivkin
Copy link
Contributor

Maybe we should run this as a cron job to update these.

Then there is no point in keeping a copy of the checks bundle. What if we use custom checks for tests to get rid of this dependency?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Trivy scan started failing recently for html format
3 participants