lhotari commented on code in PR #22386:
URL: https://github.com/apache/pulsar/pull/22386#discussion_r1545451332
##########
.github/workflows/ci-trivy-container-scan.yaml:
##########
@@ -42,7 +42,42 @@ jobs:
- 'latest'
env:
IMAGE_REF: '${{ matrix.docker-image }}:${{ matrix.docker-tag }}'
+ JDK_DISTRIBUTION: corretto
+ CI_JDK_MAJOR_VERSION: 21
+
steps:
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - name: Cache Maven dependencies
+ uses: actions/cache@v4
+ timeout-minutes: 5
+ with:
+ path: |
+ ~/.m2/repository/*/*/*
+ !~/.m2/repository/org/apache/pulsar
+ key: ${{ runner.os }}-m2-dependencies-core-modules-${{
hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-m2-dependencies-core-modules-
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ distribution: ${{ env.JDK_DISTRIBUTION }}
+ java-version: ${{ env.CI_JDK_MAJOR_VERSION }}
+
+ - name: restore maven build results from Github artifact cache
+ run: |
+ cd $HOME
+ $GITHUB_WORKSPACE/build/pulsar_ci_tool.sh
restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries
Review Comment:
this works only within pulsar-ci.yaml.
we could consider adding the trivy scan for the master branch as part of
pulsar-ci.yaml since there's also a scheduled build using it. The job could be
made to run only for the scheduled build.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
