Skip to content

Cache even more trivy #1724

Cache even more trivy

Cache even more trivy #1724

Workflow file for this run

name: 'Push latest ARM images'
on:
pull_request:
paths:
- '**'
permissions: read-all
concurrency:
group: ci-arm-${{ github.head_ref || github.ref }}-${{ github.repository }}
cancel-in-progress: true
env:
FORCE_COLOR: 1
EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }}
jobs:
# Populate the trivy cache once for all later jobs to use
trivy-cache:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Install earthly
uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
with:
repository: quay.io/kairos/packages
packages: utils/earthly
- name: Restore trivy cache
uses: yogeshlonkar/trivy-cache-action@v0
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
- name: Populate trivy Cache
run: |
[ ! -d ".trivy" ] && mkdir -p ".trivy"
earthly +trivy-download-db --DIR .trivy
opensuse:
uses: ./.github/workflows/reusable-docker-arm-build.yaml
secrets: inherit
needs:
- trivy-cache
permissions:
id-token: write # OIDC support
contents: write
security-events: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: opensuse
flavor_release: leap-15.6
family: opensuse
base_image: opensuse/leap:15.6
model: rpi4
worker: ARM64
alpine:
uses: ./.github/workflows/reusable-docker-arm-build.yaml
secrets: inherit
needs:
- trivy-cache
permissions:
id-token: write # OIDC support
contents: write
security-events: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: alpine
flavor_release: "3.19"
family: alpine
base_image: alpine:3.19
model: rpi4
worker: ARM64