onobc commented on code in PR #22386:
URL: https://github.com/apache/pulsar/pull/22386#discussion_r1545732194
##########
.github/workflows/ci-trivy-container-scan.yaml:
##########
@@ -42,7 +42,42 @@ jobs:
- 'latest'
env:
IMAGE_REF: '${{ matrix.docker-image }}:${{ matrix.docker-tag }}'
+ JDK_DISTRIBUTION: corretto
+ CI_JDK_MAJOR_VERSION: 21
+
steps:
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - name: Cache Maven dependencies
+ uses: actions/cache@v4
+ timeout-minutes: 5
+ with:
+ path: |
+ ~/.m2/repository/*/*/*
+ !~/.m2/repository/org/apache/pulsar
+ key: ${{ runner.os }}-m2-dependencies-core-modules-${{
hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-m2-dependencies-core-modules-
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ distribution: ${{ env.JDK_DISTRIBUTION }}
+ java-version: ${{ env.CI_JDK_MAJOR_VERSION }}
+
+ - name: restore maven build results from Github artifact cache
+ run: |
+ cd $HOME
+ $GITHUB_WORKSPACE/build/pulsar_ci_tool.sh
restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries
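Review bot: the three `uses:` lines in this hunk (`actions/checkout@v4`, `actions/cache@v4`, `actions/setup-java@v4`) reference mutable tags; in a workflow whose job is vulnerability scanning, consider pinning each to a full commit SHA with the tag kept as a trailing comment, so a moved tag cannot change what runs. Separately, the final "restore maven build results" step has no `timeout-minutes`, unlike the cache step above it, and its `run` script leaves `$HOME` and `$GITHUB_WORKSPACE` unquoted; adding a timeout and double-quoting both expansions would make the step more robust.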
Review Comment:
Originally I was going to write a script that used the Trivy CLI and then
this workflow would invoke that script which would allow easy execution
elsewhere (devs running it ad-hoc, build running it, etc.). For the sake of
simplicity and time I went w/ the GH Trivy action.
> [!NOTE]
> The Trivy action is just a lightweight convenience wrapper around the Trivy CLI and we can easily extract the command by inspecting the action [output](https://github.com/apache/pulsar/actions/runs/8478690174/job/23231442717#step:4:18).