From 2a5bb93583b28d8336765fbcfbd777b3798f2eb3 Mon Sep 17 00:00:00 2001
From: Dimitris Karakasilis
Date: Thu, 3 Oct 2024 13:56:01 +0300
Subject: [PATCH] Cache even more trivy (#2914)
Signed-off-by: Dimitris Karakasilis
---
 .github/workflows/image-arm-pr.yaml | 24 ++++++++++++++++++++++
 .github/workflows/image-arm.yaml | 32 +++++++++++++++++++++++++++--
 2 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/image-arm-pr.yaml b/.github/workflows/image-arm-pr.yaml
index 4943ba73c..097cb219e 100644
--- a/.github/workflows/image-arm-pr.yaml
+++ b/.github/workflows/image-arm-pr.yaml
@@ -13,9 +13,31 @@ env:
 FORCE_COLOR: 1
 EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }}
 jobs:
+ # Populate the trivy cache once for all later jobs to use
+ trivy-cache:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ fetch-depth: 0
+ - name: Install earthly
+ uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
+ with:
+ repository: quay.io/kairos/packages
+ packages: utils/earthly
+ - name: Restore trivy cache
+ uses: yogeshlonkar/trivy-cache-action@v0
+ with:
+ gh-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Populate trivy Cache
+ run: |
+ [ ! -d ".trivy" ] && mkdir -p ".trivy"
+ earthly +trivy-download-db --DIR .trivy
 opensuse:
 uses: ./.github/workflows/reusable-docker-arm-build.yaml
 secrets: inherit
+ needs:
+ - trivy-cache
 permissions:
 id-token: write # OIDC support
 contents: write
@@ -41,6 +63,8 @@ jobs:
 alpine:
 uses: ./.github/workflows/reusable-docker-arm-build.yaml
 secrets: inherit
+ needs:
+ - trivy-cache
 permissions:
 id-token: write # OIDC support
 contents: write
diff --git a/.github/workflows/image-arm.yaml b/.github/workflows/image-arm.yaml
index 8094394a7..4b7368e8f 100644
--- a/.github/workflows/image-arm.yaml
+++ b/.github/workflows/image-arm.yaml
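Review bot: The `Restore trivy cache` step in the new `trivy-cache` job references `yogeshlonkar/trivy-cache-action@v0`, a mutable tag, and passes it `secrets.GITHUB_TOKEN`, while the two actions above it in the same job are pinned to full commit SHAs. A moved tag would run unreviewed code with that token, so pin it the same way, `uses: yogeshlonkar/trivy-cache-action@<full-commit-sha> # v0`. The job also declares no `permissions:` block, so unless the workflow sets one outside this hunk the token keeps the repository default; a job-level `permissions:` limited to the scopes the cache action documents would keep it narrow, as the `opensuse` and `alpine` jobs below already do explicitly. The identical `trivy-cache` job added to `image-arm.yaml` has the same two gaps.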
@@ -81,8 +81,31 @@ jobs:
 # end of optional handling for multi line json
 echo "::set-output name=matrix::{\"include\": $content }"
+ # Populate the trivy cache once for all later jobs to use
+ trivy-cache:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ fetch-depth: 0
+ - name: Install earthly
+ uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
+ with:
+ repository: quay.io/kairos/packages
+ packages: utils/earthly
+ - name: Restore trivy cache
+ uses: yogeshlonkar/trivy-cache-action@v0
+ with:
+ gh-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Populate trivy Cache
+ run: |
+ [ ! -d ".trivy" ] && mkdir -p ".trivy"
+ earthly +trivy-download-db --DIR .trivy
+
 build-nvidia-base:
 runs-on: fast
+ needs:
+ - trivy-cache
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
@@ -184,7 +207,9 @@ jobs:
 pull-requests: read
 repository-projects: read
 statuses: read
- needs: build-nvidia-base
+ needs:
+ - build-nvidia-base
+ - trivy-cache
 secrets: inherit
 with:
 flavor: ubuntu
@@ -220,13 +245,16 @@ jobs:
 base_image: ${{ matrix.baseImage }}
 worker: ${{ matrix.worker }}
 needs:
- - get-core-matrix
+ - get-core-matrix
+ - trivy-cache
 strategy:
 fail-fast: false
 matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
 image_and_iso_arm64_generic:
 uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml
+ needs:
+ - trivy-cache
 secrets: inherit
 with:
 flavor: "opensuse"
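Review bot: The `Populate trivy Cache` step in the `trivy-cache` job does not state whether `earthly +trivy-download-db --DIR .trivy` refreshes a database that `Restore trivy cache` has just restored, and every build job in this file now waits on that job through `needs:`. If the Earthly target skips the download when `.trivy` is already populated, later scans would run against an older vulnerability database and miss recent advisories without any visible failure. A comment above the step recording the refresh policy would make this reviewable, for example `# trivy-download-db updates a restored DB when it is out of date; the cache only avoids a full download`, worded to match what the target actually does. The same comment is missing from the copy of this job in `image-arm-pr.yaml`.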