platform/seed-data
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: replace aquasecurity/trivy-action with inline binary
ci / shared (pull_request) Failing after 3s
Details

Browse Source 
The trivy-action does an internal actions/checkout against
github.com/aquasecurity/trivy, which fails on Gitea (act_runner
injects Gitea creds; clone returns exit 128). Switch to the same
inline-download pattern we use for gitleaks.

Refs: M0.2
This commit is contained in:
Sharang Parnerkar
2026-05-18 21:36:14 +02:00
parent d9b49819c1
commit 50d03133d9
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yaml
+7 -6
View File
@@ -49,9 +49,10 @@ jobs:
/tmp/gitleaks detect --source . --no-banner --redact --verbose --exit-code 1 /tmp/gitleaks detect --source . --no-banner --redact --verbose --exit-code 1
- name: trivy fs scan - name: trivy fs scan
uses: aquasecurity/trivy-action@master shell: bash
with: run: |
scan-type: fs set -euo pipefail
severity: HIGH,CRITICAL TRIVY_VERSION=0.50.0
exit-code: 1 curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
ignore-unfixed: true | tar -xz -C /tmp trivy
/tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist .