This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.3 by this push:
new 81330b506f7 [improve][ci] Continue Pulsar CI build even when Trivy
scanner fails (#23397)
81330b506f7 is described below
commit 81330b506f767fc74fbfe8621f3f4cfe45ba19f0
Author: Lari Hotari <[email protected]>
AuthorDate: Fri Oct 4 18:14:42 2024 +0300
[improve][ci] Continue Pulsar CI build even when Trivy scanner fails
(#23397)
(cherry picked from commit 56200aabc56e75ca9ea5be1edb52d6c9d3f07fe5)
---
.github/workflows/pulsar-ci.yaml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml
index f00140e6f9f..d8e5374e45e 100644
--- a/.github/workflows/pulsar-ci.yaml
+++ b/.github/workflows/pulsar-ci.yaml
@@ -890,8 +890,10 @@ jobs:
run: src/check-binary-license.sh
./distribution/server/target/apache-pulsar-*-bin.tar.gz &&
src/check-binary-license.sh
./distribution/shell/target/apache-pulsar-shell-*-bin.tar.gz
- name: Run Trivy container scan
+ id: trivy_scan
uses: aquasecurity/[email protected]
if: ${{ github.repository == 'apache/pulsar' && github.event_name !=
'pull_request' }}
+ continue-on-error: true
with:
image-ref: "apachepulsar/pulsar:latest"
scanners: vuln
@@ -902,7 +904,8 @@ jobs:
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
- if: ${{ github.repository == 'apache/pulsar' && github.event_name !=
'pull_request' }}
+ if: ${{ steps.trivy_scan.outcome == 'success' && github.repository ==
'apache/pulsar' && github.event_name != 'pull_request' }}
+ continue-on-error: true
with:
sarif_file: 'trivy-results.sarif'
