forked from aquasecurity/setup-trivy
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: use
git + install script (aquasecurity#5)
* refactor: use `git` + install script * docs: update README.md * docs: use `v0.2.0` version in README.md * docs: refactor
- Loading branch information
1 parent
8b3109d
commit 7483281
Showing
2 changed files
with
63 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,35 +7,52 @@ Set up your GitHub Actions workflow with a specific version of [Trivy](https://g | |
| # ... | ||
| steps: | ||
| - name: Install Trivy | ||
| uses: aquasecurity/setup-trivy@v0.1.0 | ||
| uses: aquasecurity/setup-trivy@v0.2.0 | ||
| ``` | ||
| ## Install a specific Trivy version | ||
| ```yaml | ||
| # ... | ||
| steps: | ||
| - name: Install Trivy | ||
| uses: aquasecurity/setup-trivy@v0.1.0 | ||
| uses: aquasecurity/setup-trivy@v0.2.0 | ||
| with: | ||
| version: v0.56.1 | ||
| ``` | ||
| ## Caching | ||
| `setup-trivy` uses `actions/cache` under the hood but requires less configuration settings. This caches the trivy binary so that next time you run, instead of downloading the binary it is loaded from the cache. This is *not* the same cache as other Trivy artifacts such as `trivy-db` and `trivy-java-db`. | ||
| The cache input is optional, and caching is turned off by default. | ||
| `setup-trivy` uses `actions/cache` under the hood but requires less configuration settings. | ||
| This caches the trivy binary so that next time you run, instead of downloading the binary it is loaded from the cache. This is *not* the same cache as other Trivy artifacts such as `trivy-db` and `trivy-java-db`. | ||
|
|
||
| The cache input is optional, and caching is turned off by default. | ||
|
|
||
| **Caching is not supported for empty and `latest` versions!** | ||
|
|
||
| ### Enable caching | ||
| If you want to enable caching, set the `cache` input to `true` and specify the `version`. | ||
| If you want to enable caching for Linux and MacOS runners, set the `cache` input to `true` and specify the `version`. | ||
|
|
||
| ```yaml | ||
| steps: | ||
| - name: Install Trivy | ||
| uses: aquasecurity/setup-trivy@v0.1.0 | ||
| uses: aquasecurity/setup-trivy@v0.2.0 | ||
| with: | ||
| version: v0.56.1 | ||
| cache: true | ||
| ``` | ||
|
|
||
| **Caching is not supported for empty and `latest` versions!** | ||
| ### Custom path to Trivy binary | ||
| `action/cache` doesn't support absolute `path` for Windows runners (see [here](https://github.com/actions/cache/issues/1455) for more details). | ||
|
|
||
| To enable caching for Windows runner or if you need to change the Trivy installation directory for other reasons - use `path` input. | ||
|
|
||
| **`setup-trivy` adds `trivy-bin` directory to avoid caching unnecessary files** | ||
|
|
||
| ```yaml | ||
| steps: | ||
| - name: Install Trivy | ||
| uses: aquasecurity/[email protected] | ||
| with: | ||
| version: v0.56.1 | ||
| cache: true | ||
| path: "./bins" | ||
| ``` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,10 @@ inputs: | |
| description: 'Trivy version to install' | ||
| required: false | ||
| default: 'latest' | ||
| path: | ||
| description: 'Path in runner to install Trivy. Trivy will be installed in "<path>/trivy-bin" dir ("$HOME/.local/bin/trivy-bin" by default)' | ||
| required: false | ||
| default: '$HOME/.local/bin' | ||
| cache: | ||
| description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.' | ||
| required: false | ||
|
|
@@ -15,52 +19,46 @@ inputs: | |
| runs: | ||
| using: 'composite' | ||
| steps: | ||
| # All objects must be lowercase: | ||
| # https://github.com/jaxxstorm/action-install-gh-release/issues/71#issuecomment-1780893687 | ||
| - name: Set platform name | ||
| id: set-platform | ||
| - name: Binary dir | ||
| id: binary-dir | ||
| shell: bash | ||
| run: | | ||
| lowercase_repo=$(echo "${{ runner.os }}" | tr '[:upper:]' '[:lower:]') | ||
| echo "PLATFORM=${lowercase_repo}" >> $GITHUB_OUTPUT | ||
| run: echo "dir=${{ inputs.path }}/trivy-bin" >> $GITHUB_OUTPUT | ||
|
|
||
| # All objects must be lowercase: | ||
| # https://github.com/jaxxstorm/action-install-gh-release/issues/71#issuecomment-1780893687 | ||
| - name: Set arch name | ||
| id: set-arch | ||
| ## Don't cache `latest` version | ||
| - name: Check the version for caching | ||
| if: ${{ inputs.cache == 'true' && inputs.version == 'latest' }} | ||
| shell: bash | ||
| run: | | ||
| if [ "${{ runner.arch }}" == "X86" ]; then | ||
| echo "ARCH=32bit" >> $GITHUB_OUTPUT | ||
| elif [ "${{ runner.arch }}" == "X64" ]; then | ||
| echo "ARCH=64bit" >> $GITHUB_OUTPUT | ||
| elif [ "${{ runner.arch }}" == "ARM" ]; then | ||
| echo "ARCH=arm" >> $GITHUB_OUTPUT | ||
| elif [ "${{ runner.arch }}" == "ARM64" ]; then | ||
| echo "ARCH=arm64" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "Unsupported architecture" | ||
| exit 1 | ||
| fi | ||
| echo "'setup-trivy' doesn't currently support caching the `latest` version" | ||
| echo "read https://github.com/aquasecurity/setup-trivy?tab=readme-ov-file#caching for more details" | ||
| - name: Restore Trivy binary from cache | ||
| if: ${{ inputs.cache == 'true' && inputs.version != 'latest' }} | ||
| id: cache | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ${{ steps.binary-dir.outputs.dir }} | ||
| key: trivy-binary-${{ inputs.version }}-${{ runner.os }}-${{ runner.arch }} | ||
|
|
||
| - name: Checkout install script | ||
| if: steps.cache.outputs.cache-hit != 'true' | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: aquasecurity/trivy | ||
| sparse-checkout: | | ||
| contrib/install.sh | ||
| sparse-checkout-cone-mode: false | ||
| path: trivy | ||
| fetch-depth: 1 | ||
|
|
||
| # jaxxstorm/action-install-gh-release uses `cache: enable` instead of boolean value | ||
| - name: Enable cache | ||
| id: enable-cache | ||
| - name: Install Trivy | ||
| if: steps.cache.outputs.cache-hit != 'true' | ||
| shell: bash | ||
| run: | | ||
| if [ "${{ inputs.cache }}" == "true" ]; then | ||
| if [ "${{ inputs.version }}" == "latest" ]; then | ||
| echo "Trivy binaries caching for 'latest' tag is not supported" | ||
| else | ||
| echo "CACHE=enable" >> $GITHUB_OUTPUT | ||
| fi | ||
| fi | ||
| echo "installing Trivy binary" | ||
| bash ./trivy/contrib/install.sh -b ${{ steps.binary-dir.outputs.dir }} ${{ inputs.version }} | ||
| - name: Install Trivy | ||
| uses: jaxxstorm/[email protected] | ||
| with: | ||
| repo: aquasecurity/trivy | ||
| tag: ${{ inputs.version }} | ||
| platform: ${{ steps.set-platform.outputs.PLATFORM }} | ||
| arch: ${{ steps.set-arch.outputs.ARCH }} | ||
| cache: ${{ steps.enable-cache.outputs.CACHE }} | ||
| ## Add the Trivy binary, retrieved from cache or installed by a script, to $GITHUB_PATH | ||
| - name: Add Trivy binary to $GITHUB_PATH | ||
| shell: bash | ||
| run: echo ${{ steps.binary-dir.outputs.dir }} >> $GITHUB_PATH | ||