From e145212ae5de41275da3b117ff568f7b5edae07b Mon Sep 17 00:00:00 2001
From: Stefan Nica
Date: Fri, 2 Oct 2020 12:19:15 +0200
Subject: [PATCH] CI workflows: use github token for trivy

Trivy is running into github rate limiting while downloading the vulnerability database from https://github.com/aquasecurity/trivy-db. Using github authentication increases the rate limit from 60 requests per hour to 5000 requests per hour.
---
 .github/workflows/periodic-20.yml | 8 ++++++--
 .github/workflows/periodic-21.yml | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/periodic-20.yml b/.github/workflows/periodic-20.yml
index 55dac81f..8bfc70d0 100644
--- a/.github/workflows/periodic-20.yml
+++ b/.github/workflows/periodic-20.yml
@@ -71,11 +71,15 @@ jobs:
 - name: Generate helm values file for CI
 run: |
 cat << EOF | tee ${NAMESPACE}.yaml
+ suse:
+ AcceptBetaEULA: "yes"
 expose:
 ingress:
 hosts:
 core: "${NAMESPACE}.${INGRESS_IP}.nip.io"
 externalURL: "https://${NAMESPACE}.${INGRESS_IP}.nip.io"
+ trivy:
+ gitHubToken: "${{ secrets.GITHUB_TOKEN }}"
 updateStrategy:
 type: Recreate
 internalTLS:
@@ -100,7 +104,7 @@ jobs:
 helm chart export ${{ matrix.install_src }}/charts/${{ matrix.install_src_suffix }}
 # replace images repository according to source
 sed -i 's,registry.suse.com,${{ matrix.install_src }}/containers,g' ${chart}/values.yaml
- helm install ${NAMESPACE} ${chart} -n ${NAMESPACE} --values ${NAMESPACE}.yaml --timeout 8m --wait --set suse.AcceptBetaEULA=yes
+ helm install ${NAMESPACE} ${chart} -n ${NAMESPACE} --values ${NAMESPACE}.yaml --timeout 8m --wait
 - name: SUSE Private Registry (upgrade)
 if: matrix.upgrade_src
 env:
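Review bot: The added `gitHubToken: "${{ secrets.GITHUB_TOKEN }}"` line is expanded by the Actions expression engine straight into the `run:` script text, and the heredoc is piped through `tee`, so the rendered values file, token included, is also written to the job log, where only GitHub's secret masking hides it. I would map the secret through the step's `env:` (for example `TRIVY_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`), reference it as `gitHubToken: "${TRIVY_GITHUB_TOKEN}"` inside the heredoc, and replace `| tee ${NAMESPACE}.yaml` with `> ${NAMESPACE}.yaml` so the file is not echoed. The same two lines are added in the periodic-21.yml hunk, and the same applies there. The heredoc ends outside this hunk, so the closing `EOF` and any existing `env:` block on the step are not visible here.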
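Review bot: With the token now inside `${NAMESPACE}.yaml`, the `helm install ... --values ${NAMESPACE}.yaml` line stores it in the cluster as part of the Helm release's values, where `helm get values` returns it to anyone who can read the release Secret in that namespace; the `helm upgrade` line in the next hunk does the same. GITHUB_TOKEN expires when the job ends, which bounds the exposure, but the workflow should still restrict the token with a top-level `permissions:` block such as `contents: read`, since an authenticated download of a public database needs no write scope. Whether the workflow already declares `permissions:` cannot be seen from this hunk, and the enclosing step starts and ends outside it.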
@@ -112,7 +116,7 @@ jobs:
 helm chart export ${{ matrix.upgrade_src }}/charts/${{ matrix.upgrade_src_suffix }}
 # replace images repository according to source
 sed -i 's,registry.suse.com,${{ matrix.upgrade_src }}/containers,g' ${chart}/values.yaml
- helm upgrade ${NAMESPACE} ${chart} -n ${NAMESPACE} --values ${NAMESPACE}.yaml --timeout 8m --wait --set suse.AcceptBetaEULA=yes
+ helm upgrade ${NAMESPACE} ${chart} -n ${NAMESPACE} --values ${NAMESPACE}.yaml --timeout 8m --wait
 - name: Run tests
 id: run_tests
 run: |
diff --git a/.github/workflows/periodic-21.yml b/.github/workflows/periodic-21.yml
index 5aa082dd..0e5fe415 100644
--- a/.github/workflows/periodic-21.yml
+++ b/.github/workflows/periodic-21.yml
@@ -71,6 +71,8 @@ jobs:
 hosts:
 core: "${NAMESPACE}.${INGRESS_IP}.nip.io"
 externalURL: "https://${NAMESPACE}.${INGRESS_IP}.nip.io"
+ trivy:
+ gitHubToken: "${{ secrets.GITHUB_TOKEN }}"
 updateStrategy:
 type: Recreate
 internalTLS: