custom retry logic for trivy scanning

udx · Sep 23, 2024 · 5d066c4 · 5d066c4
1 parent e77c02f
commit 5d066c4
Showing 1 changed file with 27 additions and 6 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -36,12 +36,33 @@ jobs:
         run: |
           curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin
 
-      - name: Trivy Scanning
+      - name: Trivy Scanning with Retry
         run: |
-          trivy image --severity HIGH,CRITICAL --exit-code 0 --quiet --retry 3 udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
-          if grep -E "Total: [1-9]" trivy.log; then
-            echo "HIGH or CRITICAL vulnerabilities detected!"
+          # Retry logic for Trivy
+          max_retries=3
+          attempt=1
+          success=false
+
+          while [ $attempt -le $max_retries ]; do
+            echo "Running Trivy scan, attempt $attempt..."
+            trivy image --severity HIGH,CRITICAL --exit-code 0 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
+
+            if grep -E "Total: [1-9]" trivy.log; then
+              echo "HIGH or CRITICAL vulnerabilities detected!"
+              exit 1
+            else
+              echo "No HIGH or CRITICAL vulnerabilities found."
+              success=true
+              break
+            fi
+
+            # If the attempt fails, wait for 30 seconds before retrying
+            echo "Trivy scan failed, retrying in 30 seconds..."
+            sleep 30
+            attempt=$((attempt+1))
+          done
+
+          if [ "$success" = false ]; then
+            echo "Failed to complete Trivy scan after $max_retries attempts."
             exit 1
-          else
-            echo "No HIGH or CRITICAL vulnerabilities found."
           fi