diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8cb021..713b9b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -87,7 +87,13 @@ jobs: - name: Run Trivy container scan uses: aquasecurity/trivy-action@master + env: + # Avoid "Bad credentials" from GitHub API when the runner's + # GITHUB_TOKEN is a Gitea token. Pin trivy binary so installer + # does not hit api.github.com releases/latest. + GITHUB_TOKEN: "" with: + version: v0.51.1 scan-type: 'fs' scan-ref: '.' format: 'sarif' @@ -142,6 +148,12 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Install unzip (act-runner image may lack it) + run: | + if ! command -v unzip >/dev/null 2>&1; then + sudo apt-get update && sudo apt-get install -y unzip + fi + - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml index f55d315..6c64fd0 100644 --- a/.github/workflows/validation.yml +++ b/.github/workflows/validation.yml @@ -24,6 +24,12 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Install unzip (act-runner image may lack it) + run: | + if ! command -v unzip >/dev/null 2>&1; then + sudo apt-get update && sudo apt-get install -y unzip + fi + - name: Setup Terraform uses: hashicorp/setup-terraform@v2 
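Review bot: In the "Run Trivy container scan" step of ci.yml the action is still resolved as `aquasecurity/trivy-action@master`, so the new `version: v0.51.1` input pins only the scanner binary while the action code that installs and invokes it remains a mutable branch ref. Pinning the action itself would make the pin complete and keep its inputs stable, e.g. `uses: aquasecurity/trivy-action@<release-tag-or-full-commit-sha>` (placeholder, pick the release you have reviewed). The added comment sits under `env:` but its second sentence describes the `version:` input, so I would split it: keep the "Bad credentials" sentence above `GITHUB_TOKEN: ""` and move "Pin trivy binary so installer does not hit api.github.com releases/latest" to a comment above `version:`. The same applies to the "Container Security Scan" step in validation.yml. The step's `with:` block continues past the end of this hunk.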
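Review bot: The new "Install unzip" step calls `sudo` unconditionally, and a runner image minimal enough to lack `unzip` may also lack `sudo` when the job container runs as root; in that case the step would fail before Terraform setup instead of fixing it. Which image the act-runner uses is not visible here, so this is a robustness concern rather than a confirmed failure. A guard such as `if [ "$(id -u)" -eq 0 ]; then SUDO=; else SUDO=sudo; fi` followed by `$SUDO apt-get update && $SUDO apt-get install -y --no-install-recommends unzip` covers both cases and keeps the installed package set small. The identical step is added to validation.yml and would need the same change.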
@@ -93,16 +99,25 @@ jobs: - name: Container Security Scan uses: aquasecurity/trivy-action@master + env: + # Avoid "Bad credentials" from GitHub API when the runner's + # GITHUB_TOKEN is a Gitea token. Pin trivy binary so installer + # does not hit api.github.com releases/latest. + GITHUB_TOKEN: "" with: + version: v0.51.1 scan-type: 'image' image-ref: 'hyperledger/besu:23.10.0' format: 'sarif' output: 'trivy-results.sarif' + continue-on-error: true - name: Upload Trivy results + # Gitea does not host GitHub code-scanning; don't fail the job. uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' + continue-on-error: true validate-documentation: runs-on: ubuntu-latest
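Review bot: `continue-on-error: true` on the "Container Security Scan" step means a scan that cannot run at all (image pull or vulnerability database download failure) still leaves the job green, and the same flag on the upload step then hides the missing SARIF file too. The visible `with:` block sets no `exit-code` or `severity`, so as far as this hunk shows the step was not failing on findings to begin with; with both flags the scan can neither affect the job result nor be seen anywhere on Gitea. I would drop the flag from the scan step and skip the upload where code scanning is unavailable, e.g. `if: github.server_url == 'https://github.com'` on the upload step (confirm the runner populates that context), keeping the SARIF as a build artifact so the results stay reviewable. If the scan is meant to be advisory only, a comment on the scan step such as `# Advisory scan: does not gate the build; results are in trivy-results.sarif` would make that explicit. This assumes both flags sit at step level; the indentation is not recoverable from this rendering.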