author | Astound <kirito@disroot.org> | 2025-01-20 07:00:17 +0800 |
---|---|---|
committer | Astound <kirito@disroot.org> | 2025-01-20 07:00:17 +0800 |
commit | 566719317aafcc92ca1a2e4cb7b280c1598e068d (patch) | |
tree | b8efac916a14b88df3710946de93ae3f37df7a8d /.gitea | |
parent | 92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd (diff) | |
Diffstat (limited to '.gitea')
-rw-r--r-- | .gitea/workflows/release.yaml | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 6222f62..a5bad7a 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -48,20 +48,30 @@ jobs:
 tags: |
 rusian/gitolite-cgit:latest
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.27.0
+ - name: Run Trivy scan
+ uses: astounds/trivy-action@v1
 with:
- image-ref: rusian/gitolite-cgit:latest
+ image: 'rusian/gitolite-cgit:latest'
+ severity: 'CRITICAL,HIGH'
+ pkg-types: 'os'
 format: 'table'
 exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os'
- severity: 'CRITICAL,HIGH'
- env:
- TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
- TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
- TRIVY_SKIP_DB_UPDATE: false
- TRIVY_SKIP_JAVA_DB_UPDATE: false
+
+ # - name: Install Trivy
+ # run: |
+ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+ # trivy --version
+
+ # - name: Run Trivy vulnerability scanner
+ # run: |
+ # trivy image rusian/gitolite-cgit:latest \
+ # --format table \
+ # --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db" \
+ # --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1" \
+ # --exit-code 1 \
+ # --ignore-unfixed \
+ # --pkg-types os \
+ # --severity CRITICAL,HIGH
 - name: Push Docker image
 uses: docker/build-push-action@v6 |
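Review bot: The new `uses: astounds/trivy-action@v1` references the scanner action by a movable tag in a personal namespace, so anyone able to move that tag changes what runs in the release job just before the image is pushed; pin it to a reviewed commit instead, e.g. `uses: astounds/trivy-action@<full-commit-sha>  # v1`. `ignore-unfixed: true` is dropped while `exit-code: '1'` stays, so unless the replacement action ignores unfixed findings by default (its inputs are not visible here), CRITICAL/HIGH findings with no available fix will now block the release; state the intended behaviour explicitly in the `with:` block. The commented-out fallback pipes `install.sh` from the `main` branch straight into `sh`; if it is ever re-enabled, fetch a tagged release and verify its checksum before running it. The step list starts and continues outside this hunk.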