This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 6e577f0bc5a [fix][ci] Disable trivy-action (#25373)
6e577f0bc5a is described below
commit 6e577f0bc5a7c3184fdb75d6afdd54a56578aa26
Author: Lari Hotari <[email protected]>
AuthorDate: Fri Mar 20 21:24:08 2026 +0200
[fix][ci] Disable trivy-action (#25373)
---
.github/workflows/pulsar-ci.yaml | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml
index 9d7e025d71d..03e83e11a5b 100644
--- a/.github/workflows/pulsar-ci.yaml
+++ b/.github/workflows/pulsar-ci.yaml
@@ -596,7 +596,7 @@ jobs:
$GITHUB_WORKSPACE/build/pulsar_ci_tool.sh
restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries
- name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
with:
platforms: arm64
@@ -996,25 +996,25 @@ jobs:
- name: Check binary licenses
run: src/check-binary-license.sh
./distribution/server/target/apache-pulsar-*-bin.tar.gz &&
src/check-binary-license.sh
./distribution/shell/target/apache-pulsar-shell-*-bin.tar.gz
- - name: Run Trivy container scan
- id: trivy_scan
- uses: aquasecurity/[email protected]
- if: ${{ github.repository == 'apache/pulsar' && github.event_name !=
'pull_request' }}
- continue-on-error: true
- with:
- image-ref: "apachepulsar/pulsar:latest"
- scanners: vuln
- severity: CRITICAL,HIGH,MEDIUM,LOW
- limit-severities-for-sarif: true
- format: 'sarif'
- output: 'trivy-results.sarif'
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v3
- if: ${{ steps.trivy_scan.outcome == 'success' && github.repository ==
'apache/pulsar' && github.event_name != 'pull_request' }}
- continue-on-error: true
- with:
- sarif_file: 'trivy-results.sarif'
+# - name: Run Trivy container scan
+# id: trivy_scan
+# uses: aquasecurity/[email protected]
+# if: ${{ github.repository == 'apache/pulsar' && github.event_name !=
'pull_request' }}
+# continue-on-error: true
+# with:
+# image-ref: "apachepulsar/pulsar:latest"
+# scanners: vuln
+# severity: CRITICAL,HIGH,MEDIUM,LOW
+# limit-severities-for-sarif: true
+# format: 'sarif'
+# output: 'trivy-results.sarif'
+#
+# - name: Upload Trivy scan results to GitHub Security tab
+# uses: github/codeql-action/upload-sarif@v3
+# if: ${{ steps.trivy_scan.outcome == 'success' && github.repository ==
'apache/pulsar' && github.event_name != 'pull_request' }}
+# continue-on-error: true
+# with:
+# sarif_file: 'trivy-results.sarif'
- name: Clean up disk space
if: ${{ matrix.base.save_artifact }}
