Closed yokawasa closed 4 years ago
Hi @yokawasa .
Thank you for trying gitrivy.
gitrivy gets Docker image name from "image" parameter or "IMAGE_NAME" environment variable.
If "image" parameter is configured, gitrivy doesn't use "IMAGE_NAME" environment variable.
In other words, "image" parameter has a higher priority than "IMAGE_NAME".
Since "IMAGE_NAME" environment variable is also used by docker pull
, it's recommended to specify only the" IMAGE_NAME "environment variable in this case.
If rewritten, the workflow probably works:
name: Vulnerability Scan
push:
branches:
- test-trivy-scan
jobs:
scan:
name: Daily Vulnerability Scan
runs-on: ubuntu-18.04
env:
IMAGE_NAME: python:3.4-alpine
steps:
- name: Pull docker image
run: docker pull ${IMAGE_NAME}
- uses: homoluctus/gitrivy@v1.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
issue: 'true'
@homoluctus thank you so much for the comment. Your recommendation worked perfect!! Again thank you for the great project!!
Thank you for sharing great project. I've tried
gitriny
with the following container image but the action ended up with Node run failure.Container Image:
python:3.4-alpin
GitHub Action running log:
2020-01-27T13:22:17.5466913Z ##[error]Node run failed with exit code 1 2020-01-27T13:22:17.5477398Z Cleaning up orphan processes
I actually tried with a different container image, but I go the same result.