feat(cve): cache kfs vendors manifests built
g-iannelli committed Nov 14, 2024
1 parent 7922e32 commit e42aac2
Showing 2 changed files with 13 additions and 3 deletions.
10 changes: 10 additions & 0 deletions .github/workflows/cve-scan-and-patching.yml
@@ -104,13 +104,21 @@ jobs:
- name: cache tools
uses: actions/cache@v4
with:
fail-on-cache-miss: true
path: |
/tmp/.cache/trivy
/usr/local/bin/trivy
/usr/local/bin/furyctl
/usr/local/bin/buildctl
/usr/local/bin/copa
key: cve-scan-patching-tools-${{ needs.fetch_kfd_versions.outputs.today_date }}
- name: cache KFD vendors built manifest for KFD ${{ matrix.kfd_version }}
uses: actions/cache@v4
with:
path: |
CVEs/${{ matrix.kfd_version }}/built.yaml
CVEs/${{ matrix.kfd_version }}/images.txt
key: kfd-${{ matrix.kfd_version }}-vendors-built-manifests
- name: Execute CVEs scan for KFD ${{ matrix.kfd_version }}
id: scan_pre_patch
run: |
@@ -182,6 +190,7 @@ jobs:
- name: cache tools
uses: actions/cache@v4
with:
fail-on-cache-miss: true
path: |
/tmp/.cache/trivy
/usr/local/bin/trivy
@@ -238,6 +247,7 @@ jobs:
- name: cache tools
uses: actions/cache@v4
with:
fail-on-cache-miss: true
path: |
/tmp/.cache/trivy
/usr/local/bin/trivy
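Review bot: The new "cache KFD vendors built manifest" step uses a key with no date or content component (`kfd-${{ matrix.kfd_version }}-vendors-built-manifests`), and actions/cache does not overwrite an entry on an exact key hit, so once `built.yaml` and `images.txt` are stored for a KFD version every later run reuses that copy. If the vendored modules behind a version can ever change, the scan would keep working from a stale image list and silently miss images. These two files also decide what gets scanned, so whatever an earlier run saved under that key is trusted as-is. Consider adding the date suffix the tools cache in the same job already uses, `key: kfd-${{ matrix.kfd_version }}-vendors-built-manifests-${{ needs.fetch_kfd_versions.outputs.today_date }}`, or a `hashFiles(...)` over the inputs that define the version.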
6 changes: 3 additions & 3 deletions CVEs/Makefile
@@ -17,9 +17,9 @@ all: trivy-download-db scan-pre-patch concat-multiple-kfd-images-list patch scan
scan-pre-patch:
@for version in $(KFD_VERSIONS); do \
( \
$(MAKE) download-deps KFD_VERSION=$$version; \
$(MAKE) kustomize-build-all KFD_VERSION=$$version; \
$(MAKE) generate-image-list-from-manifests KFD_VERSION=$$version; \
[ ! -e $$version/built.yaml ] && $(MAKE) download-deps KFD_VERSION=$$version; \
[ ! -e $$version/built.yaml ] && $(MAKE) kustomize-build-all KFD_VERSION=$$version; \
[ ! -e $$version/images.txt ] && $(MAKE) generate-image-list-from-manifests KFD_VERSION=$$version; \
$(MAKE) scan-vulns KFD_VERSION=$$version LIST_FILE=$$version/images.txt OUTPUT_FILE=$$version/FURY-CVEs.md; \
) & \
done; \
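Review bot: The guards added to the three `$(MAKE)` lines in `scan-pre-patch` test only that the file exists (`[ ! -e … ]`), so an empty or truncated `built.yaml` or `images.txt` left by a failed earlier run is accepted and the scan covers an incomplete image list. Because the steps are joined with `;`, a failing `kustomize-build-all` does not stop the subshell, so a partial file can be reused on later runs and, with the workflow cache, across runs. Testing for a non-empty file and chaining the build would narrow this, e.g. `[ -s $$version/built.yaml ] || { $(MAKE) download-deps KFD_VERSION=$$version && $(MAKE) kustomize-build-all KFD_VERSION=$$version; }; \`. How those targets write their output is not visible here, so writing to a temporary file and renaming it into place may also be needed. The recipe continues past the end of the hunk.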
