improved retry logic for trivy scanning

udx · Sep 24, 2024 · 0bb9782 · 0bb9782
1 parent 5b1ffe4
commit 0bb9782
Showing 1 changed file with 31 additions and 31 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -36,36 +36,36 @@ jobs:
         run: |
           curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin
 
-      - name: Trivy Scanning with Retry
-        run: |
-          # Enable exit on error
-          set -e
-          
-          # Retry logic for Trivy
-          max_retries=3
-          attempt=1
-          success=false
-      
-          while [ $attempt -le $max_retries ]; do
-            echo "Running Trivy scan, attempt $attempt..."
-            trivy image --severity CRITICAL --exit-code 1 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
+          - name: Trivy Scanning with Retry
+          run: |
+            # Enable exit on error
+            set -e
             
-            if grep -E "Total: [1-9]" trivy.log; then
-              echo "CRITICAL vulnerabilities detected!"
+            # Retry logic for Trivy
+            max_retries=5
+            attempt=1
+            success=false
+        
+            while [ $attempt -le $max_retries ]; do
+              echo "Running Trivy scan, attempt $attempt..."
+              trivy image --severity CRITICAL --exit-code 1 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
+              
+              if grep -E "Total: [1-9]" trivy.log; then
+                echo "CRITICAL vulnerabilities detected!"
+                exit 1
+              else
+                echo "No CRITICAL vulnerabilities found."
+                success=true
+                break
+              fi
+        
+              # If the attempt fails, wait for 2 minutes before retrying
+              echo "Trivy scan failed, retrying in 2 minutes..."
+              sleep 120
+              attempt=$((attempt+1))
+            done
+        
+            if [ "$success" = false ]; then
+              echo "Failed to complete Trivy scan after $max_retries attempts."
               exit 1
-            else
-              echo "No CRITICAL vulnerabilities found."
-              success=true
-              break
-            fi
-
-            # If the attempt fails, wait for 30 seconds before retrying
-            echo "Trivy scan failed, retrying in 30 seconds..."
-            sleep 30
-            attempt=$((attempt+1))
-          done
-
-          if [ "$success" = false ]; then
-            echo "Failed to complete Trivy scan after $max_retries attempts."
-            exit 1
-          fi
+            fi