Skip to content

ci: add Trivy 0.57.1 and 0.58.1 to bundle testing #311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 15, 2025
Merged

ci: add Trivy 0.57.1 and 0.58.1 to bundle testing #311

merged 1 commit into from
Jan 15, 2025

Conversation

nikpivkin
Copy link
Contributor

No description provided.

@nikpivkin nikpivkin requested a review from simar7 as a code owner January 10, 2025 07:21
simar7
simar7 reviewed Jan 14, 2025
View reviewed changes
scripts/verify-bundle.go
@@ -16,7 +16,7 @@ import (

var bundlePath = "bundle.tar.gz"
var OrasPush = []string{"--artifact-type", "application/vnd.cncf.openpolicyagent.config.v1+json", fmt.Sprintf("%s:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip", bundlePath)}
var supportedTrivyVersions = []string{"latest", "canary"} // TODO: add more versions
var supportedTrivyVersions = []string{"0.57.1", "0.58.1", "latest", "canary"} // TODO: add more versions
Copy link
Member

@simar7 simar7 Jan 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason why we should add these two versions in particular?

Copy link
Contributor Author

@nikpivkin nikpivkin Jan 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought we should use some older versions for backwards compatibility testing, instead of using only the latest ones. I chose some versions starting with 0.57.1 as this is the first version of Trivy where we added bundle v1 support.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK let's go ahead with this for now. I wonder if it's worth making this list dynamic in the next iteration of improving this test.

@simar7 simar7 self-requested a review January 15, 2025 04:07
@simar7 simar7 added this pull request to the merge queue Jan 15, 2025
Merged via the queue into aquasecurity:main with commit 532cf76 Jan 15, 2025
6 checks passed
@nikpivkin nikpivkin deleted the trivy-bundle-v branch January 15, 2025 05:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nikpivkin @simar7