ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: Update CI workflow to install a fixed version of Trivy for improved reliability and error handling during installation
All checks were successful
CI / lint-and-test (pull_request) Successful in 1m2s
Details
CI / ansible-validation (pull_request) Successful in 3m6s
Details
CI / secret-scanning (pull_request) Successful in 56s
Details
CI / dependency-scan (pull_request) Successful in 1m0s
Details
CI / sast-scan (pull_request) Successful in 2m13s
Details
CI / license-check (pull_request) Successful in 57s
Details
CI / vault-check (pull_request) Successful in 2m8s
Details
CI / playbook-test (pull_request) Successful in 2m2s
Details
CI / container-scan (pull_request) Successful in 1m26s
Details
CI / sonar-analysis (pull_request) Successful in 2m3s
Details
CI / workflow-summary (pull_request) Successful in 52s
Details

Browse Source
This commit is contained in:
ilia 2025-12-15 15:50:04 -05:00
parent 9e7ef8159b
commit c017ec6941
1 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.gitea/workflows/ci.yml
View File

@ -242,22 +242,43 @@ jobs:
- name: Install Trivy
run: |
set -e
apt-get update && apt-get install -y wget curl tar
# Try multiple download methods for reliability
echo "Downloading Trivy..."
if wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64.tar.gz" -O /tmp/trivy.tar.gz 2>&1; then
echo "Downloaded tar.gz, extracting..."
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
elif wget -q "https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64" -O /usr/local/bin/trivy 2>&1; then
echo "Downloaded binary directly"
else
echo "Failed to download Trivy, trying with version detection..."
TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy
mv /tmp/trivy /usr/local/bin/trivy
# Use a fixed, known-good Trivy version to avoid URL/redirect issues
TRIVY_VERSION="0.58.2"
TRIVY_URL="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
echo "Installing Trivy version: ${TRIVY_VERSION}"
echo "Downloading from: ${TRIVY_URL}"
if ! wget --progress=bar:force "${TRIVY_URL}" -O /tmp/trivy.tar.gz 2>&1; then
echo "❌ Failed to download Trivy archive"
echo "Checking if file was partially downloaded:"
ls -lh /tmp/trivy.tar.gz 2>/dev/null || echo "No file found"
exit 1
fi
if [ ! -f /tmp/trivy.tar.gz ] || [ ! -s /tmp/trivy.tar.gz ]; then
echo "❌ Downloaded Trivy archive is missing or empty"
exit 1
fi
echo "Download complete. File size: $(du -h /tmp/trivy.tar.gz | cut -f1)"
echo "Extracting Trivy..."
if ! tar -xzf /tmp/trivy.tar.gz -C /tmp/ trivy; then
echo "❌ Failed to extract Trivy binary from archive"
tar -tzf /tmp/trivy.tar.gz 2>&1 | head -20 || true
exit 1
fi
if [ ! -f /tmp/trivy ]; then
echo "❌ Trivy binary not found after extraction"
ls -la /tmp/ | grep trivy || ls -la /tmp/ | head -20
exit 1
fi
mv /tmp/trivy /usr/local/bin/trivy
chmod +x /usr/local/bin/trivy
/usr/local/bin/trivy --version
trivy --version