From 9570979bff2495b98ef351f1405c69ad05b9cb27 Mon Sep 17 00:00:00 2001 From: saisatishkarra Date: Thu, 22 Aug 2024 01:14:45 -0500 Subject: [PATCH] use temporary cache key and restore keys for grype cache --- security-actions/sca/action.yml | 13 +++++++------ security-actions/scan-docker-image/action.yml | 15 ++++++++------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/security-actions/sca/action.yml b/security-actions/sca/action.yml index 6be40a2b..abc2df8e 100644 --- a/security-actions/sca/action.yml +++ b/security-actions/sca/action.yml @@ -126,12 +126,14 @@ runs: id: grype_db if: ${{ inputs.force_grype_db_update != 'true' }} uses: actions/cache@v4 - env: - cache-name: cache_grype_db with: # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS path: ~/.cache/grype/db - key: ${{ env.cache-name }} + key: | + cache_grype_${{ github.run_id }}_${{ github.run_attempt }} + restore-keys: | + cache_grype_${{ github.run_id }}_ + cache_grype_db # Make a network call to anchore grype CDN. # This could fail when CDN is flaky for long periods of time. @@ -181,12 +183,11 @@ runs: if: ${{ steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} id: save_grype_db_cache_updates uses: actions/cache/save@v4 - env: - cache-name: cache_grype_db # Use generic cache key instead of unique keys for different refs since CVE DB doesn't change frequently with: # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS path: ~/.cache/grype/db - key: ${{ env.cache-name }} + key: | + cache_grype_${{ github.run_id }}_${{ github.run_attempt }} # Don't fail during report generation - name: Vulnerability analysis of SBOM diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml index 1aae493f..c57ef94f 100644 --- a/security-actions/scan-docker-image/action.yml +++ b/security-actions/scan-docker-image/action.yml 
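Review bot: The last `restore-keys` entry, `cache_grype_db`, is matched as a prefix, so it cannot match anything the save steps now write (`cache_grype_<run_id>_<run_attempt>`). A fresh run can therefore only fall back to the legacy `cache_grype_db` entry, which none of the steps shown here rewrites any more and which will keep ageing. If the later DB update fails (the comment just below notes the CDN can be flaky for long periods), the scan would presumably run against that old vulnerability data and miss recent CVEs. Ending the list with the shared prefix `cache_grype_` instead lets a new run restore the most recently created entry and still matches the legacy key. The restore hunk in `security-actions/scan-docker-image/action.yml` is identical and needs the same change; the rest of the step lies outside the hunk.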
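Review bot: This save step now shares its key with the `grype_db` restore step, which is `uses: actions/cache@v4`, the combined restore-and-save action. Because that key is unique per run attempt, the restore step always misses on its primary key; if its post-job save runs inside this composite action, it writes `~/.cache/grype/db` under the same key whether or not the `GRYPE_DB_UPDATE_STATUS == 0` guard here passed. Changing the restore step to `uses: actions/cache/restore@v4` would keep this step the only writer. The inline comment explaining the old key choice was removed with the `env:` block, so a replacement such as `# Run-scoped key: an existing cache key cannot be overwritten, so a fixed key would never pick up DB updates` (if that is the intent) would document why one DB copy per run attempt is accepted. The save hunk in `security-actions/scan-docker-image/action.yml` is identical.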
@@ -130,12 +130,14 @@ runs: id: grype_db if: ${{ inputs.force_grype_db_update != 'true' }} uses: actions/cache@v4 - env: - cache-name: cache_grype_db with: # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS path: ~/.cache/grype/db - key: ${{ env.cache-name }} + key: | + cache_grype_${{ github.run_id }}_${{ github.run_attempt }} + restore-keys: | + cache_grype_${{ github.run_id }}_ + cache_grype_db # Make a network call to anchore grype CDN. # This could fail when CDN is flaky for long periods of time. @@ -186,13 +188,12 @@ runs: if: ${{ steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} id: save_grype_db_cache_updates uses: actions/cache/save@v4 - env: - cache-name: cache_grype_db # Use generic cache key instead of unique keys for different refs since CVE DB doesn't change frequently with: # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS path: ~/.cache/grype/db - key: ${{ env.cache-name }} - + key: | + cache_grype_${{ github.run_id }}_${{ github.run_attempt }} + # Grype is invoked first time ever # Don't fail during report generation - name: Vulnerability analysis of SBOM