aquasecurity/trivy-action
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy-action.git synced 2026-05-14 03:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: install trivy in bump-trivy workflow and update tests (#495)

Browse Source 
* ci: install trivy in bump-trivy workflow

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* test: diasble list-all-pkgs and remove ReportID

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* ci: run tests after updating golden files

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* fix BATS_LIB_PATH setting

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
This commit is contained in:
Nikita Pivkin
2025-12-11 11:30:00 +06:00
committed by GitHub
parent df65449f48
commit 83690f7d38
3 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/bump-trivy.yaml
+12 -3
View File
@@ -15,22 +15,31 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Set new version from input
run: echo "NEW_VERSION=${{ inputs.trivy_version }}" >> $GITHUB_ENV
- name: Update Trivy versions - name: Update Trivy versions
env:
NEW_VERSION: ${{ inputs.trivy_version }}
run: make bump-trivy run: make bump-trivy
- name: Setup Bats and bats libs - name: Setup Bats and bats libs
id: setup-bats id: setup-bats
uses: bats-core/bats-action@3.0.1 uses: bats-core/bats-action@3.0.1
- name: Install Trivy
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ inputs.trivy_version }}
trivy --version
- name: Update golden files - name: Update golden files
env: env:
BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }} BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
run: make update-golden run: make update-golden
- name: Run tests
env:
BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
run: make test
- name: Create PR - name: Create PR
id: create-pr id: create-pr
uses: peter-evans/create-pull-request@v5 uses: peter-evans/create-pull-request@v5
Makefile
+5 -4
View File
@@ -1,10 +1,11 @@
OS := $(shell uname) OS := $(shell uname)
SED = sed
BATS_LIB_PATH ?= /usr/local/lib/
ifeq ($(OS), Darwin) ifeq ($(OS), Darwin)
SED = gsed SED = gsed
BATS_LIB_PATH ?= /opt/homebrew/lib BATS_LIB_PATH ?= /opt/homebrew/lib
else
SED = sed
BATS_LIB_PATH ?= /usr/local/lib/
endif endif
BATS_ENV := BATS_LIB_PATH=$(BATS_LIB_PATH) \ BATS_ENV := BATS_LIB_PATH=$(BATS_LIB_PATH) \
test/test.bats
+2 -1
View File
@@ -5,6 +5,7 @@ setup_file() {
export TRIVY_DB_REPOSITORY=ghcr.io/${owner}/trivy-db-act:latest export TRIVY_DB_REPOSITORY=ghcr.io/${owner}/trivy-db-act:latest
export TRIVY_JAVA_DB_REPOSITORY=ghcr.io/${owner}/trivy-java-db-act:latest export TRIVY_JAVA_DB_REPOSITORY=ghcr.io/${owner}/trivy-java-db-act:latest
export TRIVY_CHECKS_BUNDLE_REPOSITORY=ghcr.io/${owner}/trivy-checks-act:latest export TRIVY_CHECKS_BUNDLE_REPOSITORY=ghcr.io/${owner}/trivy-checks-act:latest
export TRIVY_LIST_ALL_PKGS=false
} }
setup() { setup() {
@@ -16,7 +17,7 @@ setup() {
function remove_json_fields() { function remove_json_fields() {
local file="$1" local file="$1"
if [[ "$file" == *.json ]]; then if [[ "$file" == *.json ]]; then
jq 'del(.CreatedAt)' "$file" > tmp && mv tmp "$file" jq 'del(.CreatedAt, .ReportID)' "$file" > tmp && mv tmp "$file"
fi fi
} }