ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: Improve Trivy installation with multiple fallback methods and better error handling
Some checks failed
CI / lint-and-test (push) Successful in 56s
Details
CI / ansible-validation (push) Successful in 2m19s
Details
CI / secret-scanning (push) Successful in 1m28s
Details
CI / dependency-scan (push) Failing after 1m30s
Details
CI / sast-scan (push) Successful in 2m28s
Details
CI / license-check (push) Successful in 53s
Details
CI / vault-check (push) Successful in 1m53s
Details
CI / playbook-test (push) Successful in 1m57s
Details
CI / container-scan (push) Successful in 1m24s
Details

Browse Source
This commit is contained in:
ilia 2025-12-14 09:06:53 -05:00
parent 67a9b3ca2b
commit 0076155ef1
1 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
.gitea/workflows/ci.yml
View File

@ -101,11 +101,24 @@ jobs:
- name: Install Trivy - name: Install Trivy
run: | run: |
apt-get update && apt-get install -y wget curl apt-get update && apt-get install -y wget curl tar
# Use direct binary download (more reliable than apt repo) # Try multiple download methods for reliability
wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 echo "Downloading Trivy..."
if wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64.tar.gz" -O /tmp/trivy.tar.gz 2>&1; then
echo "Downloaded tar.gz, extracting..."
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
elif wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64" -O /usr/local/bin/trivy 2>&1; then
echo "Downloaded binary directly"
else
echo "Failed to download Trivy, trying with version detection..."
TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
fi
chmod +x /usr/local/bin/trivy chmod +x /usr/local/bin/trivy
trivy --version /usr/local/bin/trivy --version
trivy --version trivy --version
- name: Scan npm dependencies - name: Scan npm dependencies
@ -288,11 +301,24 @@ jobs:
- name: Install Trivy - name: Install Trivy
run: | run: |
apt-get update && apt-get install -y wget curl apt-get update && apt-get install -y wget curl tar
# Use direct binary download (more reliable than apt repo) # Try multiple download methods for reliability
wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 echo "Downloading Trivy..."
if wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64.tar.gz" -O /tmp/trivy.tar.gz 2>&1; then
echo "Downloaded tar.gz, extracting..."
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
elif wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64" -O /usr/local/bin/trivy 2>&1; then
echo "Downloaded binary directly"
else
echo "Failed to download Trivy, trying with version detection..."
TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
fi
chmod +x /usr/local/bin/trivy chmod +x /usr/local/bin/trivy
trivy --version /usr/local/bin/trivy --version
trivy --version trivy --version
- name: Scan for Dockerfiles and container configs - name: Scan for Dockerfiles and container configs