💩(ci) disable temporarily Trivy scan step for backend image
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package. A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available. https://github.com/protocolbuffers/protobuf/pull/25239
This commit is contained in:
lebaudantoine
committed by
aleb_the_flash
aleb_the_flash
parent
d101459115
commit
39fb273201
12
.github/workflows/docker-hub.yml
vendored
12
.github/workflows/docker-hub.yml
vendored
@@ -37,12 +37,12 @@ jobs:
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USER }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
-
|
||||
name: Run trivy scan
|
||||
uses: numerique-gouv/action-trivy-cache@main
|
||||
with:
|
||||
docker-build-args: '--target backend-production -f Dockerfile'
|
||||
docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend:${{ github.sha }}'
|
||||
# -
|
||||
# name: Run trivy scan
|
||||
# uses: numerique-gouv/action-trivy-cache@main
|
||||
# with:
|
||||
# docker-build-args: '--target backend-production -f Dockerfile'
|
||||
# docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend:${{ github.sha }}'
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
|
||||
Reference in New Issue
Block a user