
Cache trivy #2910

Merged
merged 5 commits into from
Oct 3, 2024

Conversation

jimmykarily (Contributor):

Fixes #2904


@jimmykarily jimmykarily self-assigned this Oct 1, 2024
Fixes #2904

Signed-off-by: Dimitris Karakasilis <[email protected]>

jimmykarily (Contributor, Author):


I don't understand at which point the cache is saved. Looking at this pipeline: https://github.com/yogeshlonkar/trivy-cache-action/blob/5e3c2d406dd3a13d95a3eabc520e0ac19ab729b5/.github/workflows/workflow.yml#L48
I think we may need to run it before our step to restore it and after it to save it. But I'm trying to verify that it works like that in code.

Signed-off-by: Dimitris Karakasilis <[email protected]>
because if there is no cache to restore, the directory doesn't get
created

Signed-off-by: Dimitris Karakasilis <[email protected]>
@jimmykarily jimmykarily force-pushed the cache-trivy branch 3 times, most recently from 6b1fb64 to 4d6ec2b Compare October 2, 2024 07:12
to avoid failing later. Also, since jobs run in parallel, they may start
populating the cache at the same time which will result in multiple
requests for the trivy database, making the caching mechanism useless.
Doing it once before everything should solve this.

Signed-off-by: Dimitris Karakasilis <[email protected]>
jimmykarily (Contributor, Author):


Found it.

So this solution works like this:

At the beginning of the pipeline and before any workflows request the trivy database:

  • We run the yogeshlonkar/trivy-cache-action@v0 action first to populate the .trivy directory from the GitHub cache. The cache key includes the db hash and the branch name so it's valid for the same branch for as long as the db is fresh
  • We run the new earthly target trivy-download-db to populate the .trivy directory (either because no cache was found in the previous step or because there is a fresh db to be downloaded)
  • The action has a "post" step which pushes the contents of the possibly updated .trivy directory back to GitHub cache.

After this is done, we are sure we have populated the GitHub cache with the latest db. From there on, any workflow that needs the trivy cache will run the trivy-cache-action to populate the .trivy dir and pass it to the earthly targets using the new TRIVY_CACHE_DIR argument.
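As an added illustration (not the workflow file from this PR or from the kairos project), the following GitHub Actions sketch shows the ordering described in the comment above: one job restores the .trivy directory from the GitHub cache, refreshes the database once, and lets the action's post step save it; every later job only restores. The earthly targets `+trivy-download-db` and the `TRIVY_CACHE_DIR` argument are named in this PR; the `+scan` target, the `--ARG=value` CLI form, and relying on the action's default inputs are assumptions made for the example.

```yaml
name: ci
on:
  pull_request:

jobs:
  # Runs first and alone, so exactly one job contacts the Trivy DB servers.
  # Parallel jobs populating the cache at the same time would each download
  # the database and defeat the point of caching.
  trivy-db:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Restores .trivy from the GitHub cache (key derived from the db hash and
      # branch, per the comment above). Its "post" step, which runs after the
      # job's other steps, saves the possibly updated directory back.
      # Assumed: the action's default inputs are sufficient here.
      - uses: yogeshlonkar/trivy-cache-action@v0
      # Earthly target introduced by this PR; refreshes .trivy when the
      # cached db is missing or stale. The --ARG=value form is the assumed
      # earthly CLI syntax for passing a build argument.
      - run: earthly +trivy-download-db --TRIVY_CACHE_DIR=$PWD/.trivy

  # Consumer jobs depend on trivy-db so they always find a warm cache and
  # never race to download the database themselves.
  scan:
    needs: trivy-db
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Restore only; the db is already fresh, so no download should occur.
      - uses: yogeshlonkar/trivy-cache-action@v0
      # +scan is a hypothetical target standing in for any earthly target
      # that runs trivy with the shared cache directory.
      - run: earthly +scan --TRIVY_CACHE_DIR=$PWD/.trivy
```

The `needs: trivy-db` edge is what enforces "once before everything": without it, the restore/download/save sequence in each consumer job would run concurrently and re-introduce the duplicate database requests the PR set out to avoid.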

@jimmykarily jimmykarily merged commit 7cf2177 into master Oct 3, 2024
45 checks passed
@jimmykarily jimmykarily deleted the cache-trivy branch October 3, 2024 07:03
Successfully merging this pull request may close these issues.

Try to cache trivy db