add 'non cancelled() &&' to update image conditional; pull Trivy DBs …

…from ECR
Sage-Bionetworks-IT · Nov 7, 2024 · a490145 · a490145
1 parent 5142f04
commit a490145
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -30,6 +30,11 @@ on:
 
 env:
   sarif_file_name: trivy-results-${{ inputs.NOTEBOOK_TYPE  }}.sarif
+  # downloading the trivy-db from its default GitHub location fails because
+  # the site experiences too many downloads.  The fix is to pull from this
+  # alternate location.
+  TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+  TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
 
 jobs:
   trivy:

diff --git a/.github/workflows/trivy_periodic_image_scan.yml b/.github/workflows/trivy_periodic_image_scan.yml
@@ -44,7 +44,7 @@ jobs:
 
   # If scan failed, rebuild the image
   update-image:
-    if: ${{needs.trivy-matrix.outputs.trivy_conclusion == 'failure' }}
+    if: ${{!cancelled() && needs.trivy-matrix.outputs.trivy_conclusion == 'failure' }}
     needs: trivy-matrix
     runs-on: ubuntu-latest
     # tag the repo to trigger a new build

diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -0,0 +1,7 @@
+extends: default
+
+rules:
+  # 80 chars should be enough, but don't fail if a line is longer
+  line-length:
+    max: 80
+    level: warning