From 0076155ef1609d4aba2400470c125a96e3dc361c Mon Sep 17 00:00:00 2001
From: ilia
Date: Sun, 14 Dec 2025 09:06:53 -0500
Subject: [PATCH] Fix: Improve Trivy installation with multiple fallback methods and better error handling
---
 .gitea/workflows/ci.yml | 42 +++++++++++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index a0514d3..c947661 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -101,11 +101,24 @@ jobs:
 - name: Install Trivy
 run: |
- apt-get update && apt-get install -y wget curl
- # Use direct binary download (more reliable than apt repo)
- wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
+ apt-get update && apt-get install -y wget curl tar
+ # Try multiple download methods for reliability
+ echo "Downloading Trivy..."
+ if wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64.tar.gz" -O /tmp/trivy.tar.gz 2>&1; then
+ echo "Downloaded tar.gz, extracting..."
+ tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
+ mv /tmp/trivy /usr/local/bin/trivy
+ elif wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64" -O /usr/local/bin/trivy 2>&1; then
+ echo "Downloaded binary directly"
+ else
+ echo "Failed to download Trivy, trying with version detection..."
+ TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
+ wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
+ tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
+ mv /tmp/trivy /usr/local/bin/trivy
+ fi
 chmod +x /usr/local/bin/trivy
- trivy --version
+ /usr/local/bin/trivy --version
 trivy --version
 - name: Scan npm dependencies
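Review bot: All three download branches install whatever `releases/latest` resolves to at run time and execute it with no integrity check, so the scanner that gates this pipeline is neither pinned nor verified; the same block is repeated in the hunk at `-288,11 +301,24`. Pinning one reviewed version and checking the tarball against a SHA-256 recorded in the workflow before `tar` runs would also make the fallback chain unnecessary, since a single versioned URL is then enough. The first two URLs (`trivy_linux_amd64.tar.gz`, `trivy_linux_amd64`) do not follow the `trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz` naming that the `else` branch uses, so they may never succeed, which is worth confirming against the release assets. The version and digest in the sketch below are placeholders.

```yaml
        run: |
          # … unchanged: apt-get install of wget, curl and tar …
          TRIVY_VERSION="<PINNED_VERSION>"            # placeholder: bump deliberately, with review
          TRIVY_SHA256="<SHA256_OF_PINNED_TARBALL>"   # placeholder: digest recorded when that version was reviewed
          wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
          # Refuse to unpack anything that is not the reviewed artifact.
          echo "${TRIVY_SHA256}  /tmp/trivy.tar.gz" | sha256sum -c - || exit 1
          tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
          # … unchanged: mv to /usr/local/bin, chmod +x, version check …
```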
@@ -288,11 +301,24 @@ jobs:
 - name: Install Trivy
 run: |
- apt-get update && apt-get install -y wget curl
- # Use direct binary download (more reliable than apt repo)
- wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
+ apt-get update && apt-get install -y wget curl tar
+ # Try multiple download methods for reliability
+ echo "Downloading Trivy..."
+ if wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64.tar.gz" -O /tmp/trivy.tar.gz 2>&1; then
+ echo "Downloaded tar.gz, extracting..."
+ tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
+ mv /tmp/trivy /usr/local/bin/trivy
+ elif wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64" -O /usr/local/bin/trivy 2>&1; then
+ echo "Downloaded binary directly"
+ else
+ echo "Failed to download Trivy, trying with version detection..."
+ TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
+ wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
+ tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
+ mv /tmp/trivy /usr/local/bin/trivy
+ fi
 chmod +x /usr/local/bin/trivy
- trivy --version
+ /usr/local/bin/trivy --version
 trivy --version
 - name: Scan for Dockerfiles and container configs
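Review bot: The `else` branch never checks the result of the version lookup: `curl -s` hides HTTP errors, so a failed or rate-limited API call leaves `TRIVY_VERSION` empty and the following `wget` requests a malformed URL. The same applies to the identical block in the hunk at `-101,11 +101,24`. Whether the step then stops before `chmod` and the version check depends on the runner's shell options, which are not visible here. I would use `curl -fsSL` for the lookup, anchor the strip as `sed 's/^v//'`, and add `[ -n "${TRIVY_VERSION}" ] || { echo "could not resolve Trivy version" >&2; exit 1; }` before the download.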