-
Notifications
You must be signed in to change notification settings - Fork 77
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix TOOMANYREQUESTS failure in Trivy Action
- Loading branch information
1 parent
98393cd
commit 6ad9487
Showing
5 changed files
with
68 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -128,8 +128,13 @@ jobs: | |
for ITEM in $TAR_FILES ; do | ||
IMAGE_NAME=${ITEM%*.tar} | ||
echo ${IMAGE_NAME} | ||
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }} | ||
docker load -i test/.download/${ITEM} | ||
echo "list docker images" && docker images | ||
ITEM_IMAGE_ID=$(docker images | grep ${IMAGE_NAME%*-race}| grep ${{ inputs.image_tag }} | awk '{print $3}') | ||
docker tag ${ITEM_IMAGE_ID} ${IMAGE_NAME}:${{ inputs.image_tag }} | ||
done | ||
echo "list all docker images" | ||
docker images | ||
# test against commit version | ||
# https://github.com/kubernetes-sigs/kind/issues/2863 | ||
|
@@ -160,7 +165,33 @@ jobs: | |
-e INSTALL_KDOCTOR=true \ | ||
-e INSTALL_OVS=${INSTALL_OVS_VALUE} \ | ||
-e INSTALL_RDMA=true \ | ||
-e INSTALL_SRIOV=true | ||
-e INSTALL_SRIOV=true || RESULT=1 | ||
if ((RESULT==0)) ; then | ||
echo "RUN_SETUP_KIND_CLUSTER_PASS=true" >> $GITHUB_ENV | ||
else | ||
echo "RUN_SETUP_KIND_CLUSTER_PASS=false" >> $GITHUB_ENV | ||
fi | ||
if [ -f "test/e2edebugLog.txt" ] ; then | ||
echo "UPLOAD_SETUP_KIND_CLUSTER_LOG=true" >> $GITHUB_ENV | ||
else | ||
echo "UPLOAD_SETUP_KIND_CLUSTER_LOG=false" >> $GITHUB_ENV | ||
fi | ||
- name: Upload Setup Kind Cluster log | ||
if: ${{ env.RUN_SETUP_KIND_CLUSTER_PASS == 'false' && env.UPLOAD_SETUP_KIND_CLUSTER_LOG == 'true' }} | ||
uses: actions/[email protected] | ||
with: | ||
name: ${{ inputs.os }}-${{ inputs.ip_family }}-${{ matrix.e2e_test_mode }}-${{ inputs.k8s_version }}-setupkind.txt | ||
path: test/e2edebugLog.txt | ||
retention-days: 7 | ||
|
||
- name: Show Setup Kind Cluster Result | ||
run: | | ||
if ${{ env.RUN_SETUP_KIND_CLUSTER_PASS == 'true' }} ;then | ||
exit 0 | ||
else | ||
exit 1 | ||
fi | ||
- name: Run e2e Test | ||
id: run_e2e | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,24 +35,22 @@ jobs: | |
name: image-tar-spiderpool-controller | ||
path: test/.download | ||
|
||
- name: Load And Scan Images | ||
run: | | ||
TAR_FILES=` ls test/.download ` | ||
echo $TAR_FILES | ||
for ITEM in $TAR_FILES ; do | ||
IMAGE_NAME=${ITEM%*.tar} | ||
echo ${IMAGE_NAME} | ||
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }} | ||
echo "---------trivy checkout image ${IMAGE_NAME}:${{ inputs.image_tag }} --------------------" | ||
make lint_image_trivy -e IMAGE_NAME=${IMAGE_NAME}:${{ inputs.image_tag }} \ | ||
|| { echo "RUN_IMAGE_TRIVY_FAIL=true" >> $GITHUB_ENV ; echo "error, image ${IMAGE_NAME}:${{ inputs.image_tag }} is bad" ; } | ||
done | ||
- name: List downloaded files | ||
run: ls -al test/.download | ||
|
||
- name: Show Trivy Scan Report | ||
run: | | ||
if [ "${{ env.RUN_IMAGE_TRIVY_FAIL }}" == "true" ] ; then | ||
echo "error, image is not secure, see detail on Step 'Load And Scan Images' " | ||
exit 1 | ||
else | ||
exit 0 | ||
fi | ||
# https://github.com/aquasecurity/trivy-action/issues/389 | ||
- name: load and scan spiderpool-agent image | ||
uses: aquasecurity/[email protected] | ||
env: | ||
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db | ||
with: | ||
input: test/.download/spiderpool-agent-race.tar | ||
severity: 'CRITICAL,HIGH' | ||
|
||
- name: load and scan spiderpool-controller image | ||
uses: aquasecurity/[email protected] | ||
env: | ||
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db | ||
with: | ||
input: test/.download/spiderpool-controller-race.tar | ||
severity: 'CRITICAL,HIGH' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters