From d87c31041b1e32ae7e45311e5177cf9d7b4bd593 Mon Sep 17 00:00:00 2001
From: Georg Jung
Date: Tue, 15 Oct 2024 12:15:35 +0200
Subject: [PATCH] Retry vuln db download on failure
---
 trivy-task/index.ts | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/trivy-task/index.ts b/trivy-task/index.ts
index f933101..adc26e9 100644
--- a/trivy-task/index.ts
+++ b/trivy-task/index.ts
@@ -44,6 +44,7 @@ async function run() {
 process.env.AQUA_ASSURANCE_EXPORT = assurancePath
 }
+ await downloadVulnDb(loginDockerConfig); // The requests to ghcr.io are rate-limited and might fail sometimes on public runners, so we apply a retrying logic here.
 const runner = await createRunner(task.getBoolInput("docker", false), loginDockerConfig, configuredJsonOutputPath !== undefined);
 if (task.getBoolInput("debug", false)) {
@@ -89,6 +90,34 @@ async function run() {
 console.log("Done!");
 }
+async function downloadVulnDb(loginDockerConfig: boolean) {
+ const maxAttempts = 5;
+
+ for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+ try {
+ const rnr = await createRunner(task.getBoolInput("docker", false), loginDockerConfig, false);
+ rnr.arg("image");
+ rnr.arg("--download-db-only");
+ const result = rnr.execSync();
+
+ if (result.code === 0) {
+ console.log("Vulnerability database download successful.");
+ break;
+ } else {
+ throw new Error('Download failed, exit code ' + result.code);
+ }
+ } catch (error) {
+ if (attempt < maxAttempts) {
+ console.log(`Attempt ${attempt} failed. Retrying in 1 second...`);
+ await new Promise(resolve => setTimeout(resolve, 1000));
+ } else {
+ console.error(`Failed after ${attempt} attempts:`, error);
+ throw error; // Re-throw error after the last attempt
+ }
+ }
+ }
+}
+
 function isDevMode(): boolean {
 return task.getBoolInput("devMode", false)
 }
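Review bot: The added `await downloadVulnDb(loginDockerConfig);` call in `run()` is unconditional, and the helper builds its runner with only `image` and `--download-db-only`, so nothing configured for the real scan reaches the pre-download. If the task accepts a custom DB repository, a cache directory or a skip-DB-update option (not visible in this hunk), the pre-download would still contact the default registry and may warm a different cache than the scan reads; in a mirrored or offline setup it would throw after five attempts before any scan runs. Consider forwarding the DB-related arguments or skipping the call in those cases. The rationale would also read better on its own line above the call, e.g. `// ghcr.io is rate-limited on public runners; pre-download the DB with retries.` `run()` begins and ends outside this hunk.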
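Review bot: The retry loop in `downloadVulnDb` waits a fixed second between attempts (`setTimeout(resolve, 1000)`), which fits poorly with the rate limiting this commit works around: five requests within about four seconds are likely to land in the same limit window. An exponential backoff with jitter would be gentler on the registry, for example `const delayMs = 1000 * 2 ** (attempt - 1) + Math.floor(Math.random() * 500);` followed by `await new Promise(resolve => setTimeout(resolve, delayMs));`, with the log message reporting the real delay. The loop also retries every non-zero exit, including failures a retry cannot fix such as rejected credentials, and the thrown `Error` carries only the exit code; if the exec result exposes the tool's stderr, appending it to the message would make the final failure diagnosable.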