Task Description
We are encountering a rate-limiting error when downloading the Trivy vulnerability DB from ghcr.io during the image creation process for Greenhouse and Supernova in our GitHub Actions workflows.
Sub-tasks
Investigate and fix the rate-limiting error that occurs when downloading the Trivy vulnerability DB (ghcr.io/aquasecurity/trivy-db) in the GitHub Actions pipeline for Greenhouse and Supernova images.
Implement the proposed fix from this issue comment, which suggests adding the ACTIONS_RUNTIME_TOKEN environment variable to bypass the rate-limiting issue.
Ensure that the Trivy DB download process works without hitting the rate limit, and monitor if the error is resolved.
Running Trivy with options: trivy image ghcr.io/cloudoperators/juno-app-greenhouse:latest
2024-11-15T11:50:55Z INFO [vulndb] Need to update DB
2024-11-15T11:50:55Z INFO [vulndb] Downloading vulnerability DB...
2024-11-15T11:50:55Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-11-15T11:50:55Z ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 994.324µs, allowed: 44000/minute\n\n"
2024-11-15T11:50:55Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
Task Description We are encountering a rate-limiting error when downloading the Trivy vulnerability DB from ghcr.io during the image creation process for Greenhouse and Supernova in our GitHub Actions workflows.
Sub-tasks
ghcr.io/aquasecurity/trivy-db) in the GitHub Actions pipeline for Greenhouse and Supernova images.ACTIONS_RUNTIME_TOKENenvironment variable to bypass the rate-limiting issue.Additional Context