From c442aadbeb6086711ef17ac126dedb051fb575a8 Mon Sep 17 00:00:00 2001 From: youben11 Date: Thu, 31 Oct 2024 13:52:24 +0100 Subject: [PATCH] fix(ci): disable trivy as it's failing to get vuln DB --- .../compiler_publish_docker_images.yml | 61 ++++++++++--------- .../concrete_python_push_docker_image.yml | 19 +++--- 2 files changed, 42 insertions(+), 38 deletions(-) diff --git a/.github/workflows/compiler_publish_docker_images.yml b/.github/workflows/compiler_publish_docker_images.yml index b161abca32..30c015228b 100644 --- a/.github/workflows/compiler_publish_docker_images.yml +++ b/.github/workflows/compiler_publish_docker_images.yml @@ -64,15 +64,16 @@ jobs: DOCKER_BUILDKIT=1 docker build --no-cache \ --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} . - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ matrix.image }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ matrix.image }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Tag and Publish Image run: | 
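Review bot: Commenting out the Trivy step in this hunk lets the image built just above go straight to "Tag and Publish Image" with no vulnerability gate; the same applies to the other two hunks in this file and to the one in concrete_python_push_docker_image.yml. The linked discussion appears to concern failures downloading the vulnerability DB rather than the scanner itself. A narrower change would keep the step and point it at another DB source, e.g. an `env:` entry `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2` (verify the mirror path before relying on it), or make it non-blocking with `continue-on-error: true` so findings are still reported when the download succeeds. If the step stays disabled, the comment should state the re-enable condition, e.g. `# TODO: re-enable once <tracking-issue> is resolved`, so the gap does not become permanent.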
@@ -114,16 +115,17 @@ jobs: if: ${{ steps.login.conclusion != 'skipped' }} run: docker build -t "${IMAGE}" -f docker/Dockerfile.hpx-env . - - name: Run Trivy vulnerability scanner - if: ${{ steps.login.conclusion != 'skipped' }} - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.IMAGE }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # if: ${{ steps.login.conclusion != 'skipped' }} + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.IMAGE }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Publish if: ${{ steps.login.conclusion != 'skipped' }} @@ -172,16 +174,17 @@ jobs: docker image tag "${IMAGE}" "${IMAGE}:${{ matrix.tag }}" docker push "${IMAGE}:${{ matrix.tag }}" - - name: Run Trivy vulnerability scanner - if: ${{ steps.login.conclusion != 'skipped' }} - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.IMAGE }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # if: ${{ steps.login.conclusion != 'skipped' }} + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.IMAGE }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Push Latest Image if: ${{ steps.login.conclusion != 'skipped' && matrix.tag == '11-8' }} 
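Review bot: In the third hunk of this file the disabled step sat after `docker push "${IMAGE}:${{ matrix.tag }}"`, so even while enabled it could only block "Push Latest Image", never the tagged push. When the scan is restored, it should move ahead of the tag-and-push commands so that a CRITICAL or HIGH finding stops both pushes. The run step containing the push starts outside the hunk, so this reading rests on the two visible context lines only.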
diff --git a/.github/workflows/concrete_python_push_docker_image.yml b/.github/workflows/concrete_python_push_docker_image.yml index b6403bb69e..f88248a464 100644 --- a/.github/workflows/concrete_python_push_docker_image.yml +++ b/.github/workflows/concrete_python_push_docker_image.yml @@ -34,15 +34,16 @@ jobs: mkdir empty_context docker image build -t ${{ env.NAME_TAG }} --build-arg version=${{ env.VERSION }} -f ${{ env.DOCKER_FILE }} empty_context - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.NAME_TAG }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.NAME_TAG }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Login to Docker Hub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567