(pulsar) 03/04: [fix][ci] Disable trivy-action (#25373)

[lhotari]

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 01de0a36a59841eebda7eca810a58acd58c2a320
Author: Lari Hotari <lhot...@users.noreply.github.com>
AuthorDate: Fri Mar 20 21:24:08 2026 +0200

    [fix][ci] Disable trivy-action (#25373)
    
    (cherry picked from commit 6e577f0bc5a7c3184fdb75d6afdd54a56578aa26)
---
 .github/workflows/pulsar-ci.yaml | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml
index d46a4923e9d..2d0a2f2ea9a 100644
--- a/.github/workflows/pulsar-ci.yaml
+++ b/.github/workflows/pulsar-ci.yaml
@@ -545,7 +545,7 @@ jobs:
           $GITHUB_WORKSPACE/build/pulsar_ci_tool.sh 
restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
         with:
           platforms: arm64
 
@@ -952,25 +952,25 @@ jobs:
       - name: Check binary licenses
         run: src/check-binary-license.sh 
./distribution/server/target/apache-pulsar-*-bin.tar.gz && 
src/check-binary-license.sh 
./distribution/shell/target/apache-pulsar-shell-*-bin.tar.gz
 
-      - name: Run Trivy container scan
-        id: trivy_scan
-        uses: aquasecurity/trivy-action@0.26.0
-        if: ${{ github.repository == 'apache/pulsar' && github.event_name != 
'pull_request' }}
-        continue-on-error: true
-        with:
-          image-ref: "apachepulsar/pulsar:latest"
-          scanners: vuln
-          severity: CRITICAL,HIGH,MEDIUM,LOW
-          limit-severities-for-sarif: true
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 
'apache/pulsar' && github.event_name != 'pull_request' }}
-        continue-on-error: true
-        with:
-          sarif_file: 'trivy-results.sarif'
+#      - name: Run Trivy container scan
+#        id: trivy_scan
+#        uses: aquasecurity/trivy-action@v0.35.0
+#        if: ${{ github.repository == 'apache/pulsar' && github.event_name != 
'pull_request' }}
+#        continue-on-error: true
+#        with:
+#          image-ref: "apachepulsar/pulsar:latest"
+#          scanners: vuln
+#          severity: CRITICAL,HIGH,MEDIUM,LOW
+#          limit-severities-for-sarif: true
+#          format: 'sarif'
+#          output: 'trivy-results.sarif'
+#
+#      - name: Upload Trivy scan results to GitHub Security tab
+#        uses: github/codeql-action/upload-sarif@v3
+#        if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 
'apache/pulsar' && github.event_name != 'pull_request' }}
+#        continue-on-error: true
+#        with:
+#          sarif_file: 'trivy-results.sarif'
 
       - name: Clean up disk space
         run: |