Skip to content

Commit 2e7ca41

Browse files
onobconobc
committed
[CI] Do not run Trivy scan by default (1.1.x branch)
To get around recent TOOMANYREQUESTS from Trivy during DB download, this commit does the following: - removes the scan from ci-pr.yml altogether - makes scan optional (default false) for ci.yml
1 parent c835079 commit 2e7ca41

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

.github/workflows/ci-pr.yml

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -103,14 +103,9 @@ jobs:
103103
-PspringBootVersion="$BOOT_VERSION" \
104104
-PsampleTests \
105105
:runAllSampleTests
106-
scan:
107-
needs: [prerequisites]
108-
if: needs.prerequisites.outputs.runjobs
109-
uses: ./.github/workflows/trivy-scan.yml
110-
111106
done:
112107
runs-on: ubuntu-latest
113-
needs: [ build_and_verify, check_samples, scan ]
108+
needs: [ build_and_verify, check_samples ]
114109
steps:
115110
- name: 'Done'
116111
shell: bash

.github/workflows/ci.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,12 @@ on:
77
paths-ignore:
88
- '.github/**'
99
workflow_dispatch:
10+
inputs:
11+
run-trivy-scan:
12+
description: 'Run Trivy scan ?'
13+
default: false
14+
required: false
15+
type: boolean
1016

1117
env:
1218
GCHAT_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_GCHAT_WEBHOOK_URL }}
@@ -91,7 +97,7 @@ jobs:
9197
:runAllSampleTests
9298
scan:
9399
needs: [prerequisites]
94-
if: needs.prerequisites.outputs.runjobs
100+
if: ${{ needs.prerequisites.outputs.runjobs && inputs.run-trivy-scan }}
95101
uses: ./.github/workflows/trivy-scan.yml
96102
deploy_artifacts:
97103
name: Deploy Artifacts

0 commit comments

Comments
 (0)