platform/design-tokens
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: replace aquasecurity/trivy-action with inline binary
ci / shared (pull_request) Failing after 3s
Details
ci / test (pull_request) Has been skipped
Details
ci / e2e (pull_request) Has been skipped
Details
ci / image (pull_request) Has been skipped
Details

Browse Source 
The trivy-action does an internal actions/checkout against
github.com/aquasecurity/trivy, which fails on Gitea (act_runner
injects Gitea creds; clone returns exit 128). Switch to the same
inline-download pattern we use for gitleaks.

Refs: M0.2
This commit is contained in:
Sharang Parnerkar
2026-05-18 21:36:11 +02:00
parent ca046f3ddb
commit aabe7cd60b
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yaml
+7 -6
View File
@@ -47,12 +47,13 @@ jobs:
/tmp/gitleaks detect --source . --no-banner --redact --verbose --exit-code 1
- name: trivy fs scan
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
severity: HIGH,CRITICAL
exit-code: 1
ignore-unfixed: true
shell: bash
run: |
set -euo pipefail
TRIVY_VERSION=0.50.0
curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
| tar -xz -C /tmp trivy
/tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist .
test:
runs-on: docker