disable trivy (#701)

* disable trivy
kartoza · Nov 9, 2024 · 8aa1483 · 8aa1483
1 parent aee4db9
commit 8aa1483
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 37 deletions.
diff --git a/.github/workflows/build-latest.yaml b/.github/workflows/build-latest.yaml
@@ -134,40 +134,40 @@ jobs:
           name: kartoza-geoserver
           path: /tmp/geoserver.tar
 
-  scan_image:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    if: |
-      github.actor != 'dependabot[bot]' &&
-      !(
-        contains(github.event.pull_request.title, '[skip-release]') ||
-        contains(github.event.comment.body, '/skiprelease')
-      )
-    needs: [run-scenario-tests]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Download artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: kartoza-geoserver
-          path: /tmp
-      - name: Load image
-        run: |
-          docker load --input /tmp/geoserver.tar
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          format: 'sarif'
-          ignore-unfixed: true
-          image-ref: kartoza/geoserver:manual-build
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
-          vuln-type: 'os,library'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+#  scan_image:
+#    runs-on: ubuntu-latest
+#    timeout-minutes: 20
+#    if: |
+#      github.actor != 'dependabot[bot]' &&
+#      !(
+#        contains(github.event.pull_request.title, '[skip-release]') ||
+#        contains(github.event.comment.body, '/skiprelease')
+#      )
+#    needs: [run-scenario-tests]
+#    steps:
+#      - uses: actions/checkout@v4
+#      - name: Download artifact
+#        uses: actions/download-artifact@v4
+#        with:
+#          name: kartoza-geoserver
+#          path: /tmp
+#      - name: Load image
+#        run: |
+#          docker load --input /tmp/geoserver.tar
+#      - name: Run Trivy vulnerability scanner
+#        uses: aquasecurity/trivy-action@master
+#        with:
+#          format: 'sarif'
+#          ignore-unfixed: true
+#          image-ref: kartoza/geoserver:manual-build
+#          output: 'trivy-results.sarif'
+#          severity: 'CRITICAL,HIGH'
+#          vuln-type: 'os,library'
+#
+#      - name: Upload Trivy scan results to GitHub Security tab
+#        uses: github/codeql-action/upload-sarif@v3
+#        with:
+#          sarif_file: 'trivy-results.sarif'
 
   run-scenario-tests:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/deploy-image.yaml b/.github/workflows/deploy-image.yaml
@@ -79,8 +79,7 @@ jobs:
           push: true
           tags: |
             ${{ secrets.DOCKERHUB_REPO }}/geoserver
-            ${{ steps.check_hub_image_exists.outputs.check_image == 200 && format('{0}/postgis:{1}-{2}.{3}', secrets.DOCKERHUB_REPO,  matrix.geoserverMajorVersion, geoserverMinorVersion.minor, matrix.geoserverMinorVersion.patch) || null}}
-            ${{ secrets.DOCKERHUB_REPO }}/geoserver:${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}
+            ${{ steps.check_hub_image_exists.outputs.check_image == 200 && format('{0}/geoserver:{1}-{2}.{3}', secrets.DOCKERHUB_REPO,  matrix.geoserverMajorVersion, matrix.geoserverMinorVersion.minor, matrix.geoserverMinorVersion.patch) || null}}            ${{ secrets.DOCKERHUB_REPO }}/geoserver:${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}
             ${{ secrets.DOCKERHUB_REPO }}/geoserver:${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}--v${{ steps.current_date.outputs.formatted }}
           build-args: |
             IMAGE_VERSION=${{ matrix.imageVersion.image }}
@@ -129,7 +128,7 @@ jobs:
       - name: publish_release
         id: tag_releases
         run: |
-          gh release create v${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}--v${{ steps.current_date.outputs.formatted }}--${{ steps.latest_commit_hash.outputs.commit }} --notes ${{ steps.latest_commit_hash.outputs.commit }} --target develop --repo $GITHUB_REPOSITORY
+          gh release create v${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}--${{ steps.current_date.outputs.formatted }}--${{ steps.latest_commit_hash.outputs.commit }} --notes ${{ steps.latest_commit_hash.outputs.commit }} --target develop --repo $GITHUB_REPOSITORY
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}