Revert "Fix trivy scans"

This reverts commit 0f6aa3d5b1.
This commit is contained in:
Jake Barnby 2024-11-06 16:24:55 +13:00
parent 0f6aa3d5b1
commit 90f63a30f6
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
2 changed files with 4 additions and 51 deletions


@ -5,36 +5,6 @@ on:
workflow_dispatch:
jobs:
update-trivy-db:
runs-on: ubuntu-latest
steps:
- name: Setup oras
uses: oras-project/setup-oras@v1
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Download and extract the vulnerability DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
oras pull ghcr.io/aquasecurity/trivy-db:2
tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
rm db.tar.gz
- name: Download and extract the Java DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
oras pull ghcr.io/aquasecurity/trivy-java-db:1
tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
rm javadb.tar.gz
- name: Cache DBs
uses: actions/cache/save@v4
with:
path: ${{ github.workspace }}/.cache/trivy
key: cache-trivy-${{ steps.date.outputs.date }}
scan-image:
name: Scan Docker Image
runs-on: ubuntu-latest
@ -43,22 +13,16 @@ jobs:
uses: actions/checkout@v4
with:
submodules: recursive
- name: Build the Docker image
run: docker build . -t appwrite_image:latest
- name: Run Trivy vulnerability scanner on image
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'appwrite_image:latest'
format: 'sarif'
output: 'trivy-image-results.sarif'
ignore-unfixed: 'false'
severity: 'CRITICAL,HIGH'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Upload Docker Image Scan Results
uses: github/codeql-action/upload-sarif@v2
with:
@ -70,18 +34,13 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner on filesystem
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
format: 'sarif'
output: 'trivy-fs-results.sarif'
severity: 'CRITICAL,HIGH'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Upload Code Scan Results
uses: github/codeql-action/upload-sarif@v2
with:
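Review bot: With the env block removed, the restored `uses: aquasecurity/trivy-action@0.20.0` in the scan-image job fetches the vulnerability DB from ghcr.io on every run with nothing pre-fetched or cached, so the scan now depends on that registry being reachable and un-throttled at run time; if the reverted caching job was the attempt to avoid that, the commit should say what broke rather than only reverting (the removed job saves a cache that nothing visible restores, and no scan job declares `needs:` on it, which presumably is why it failed). The action is also referenced by a mutable release tag; for a scanner whose output is uploaded as SARIF, pin it to the release's commit SHA, e.g. `uses: aquasecurity/trivy-action@<commit-sha> # 0.20.0`, and treat `github/codeql-action/upload-sarif@v2`, referenced only by major tag, the same way. Whether the `docker build` step and `ignore-unfixed: 'false'` survive the revert cannot be recovered from this rendering; if the build step is gone, `image-ref: 'appwrite_image:latest'` has nothing to scan in this job. The upload step's `with:` block continues past the hunk.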


@ -26,27 +26,21 @@ jobs:
tags: pr_image:${{ github.sha }}
- name: Run Trivy vulnerability scanner on image
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'pr_image:${{ github.sha }}'
format: 'json'
output: 'trivy-image-results.json'
severity: 'CRITICAL,HIGH'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Run Trivy vulnerability scanner on source code
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
scan-ref: '.'
format: 'json'
output: 'trivy-fs-results.json'
severity: 'CRITICAL,HIGH'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Process Trivy scan results
id: process-results