ci(deploy): increase trivy image scan timeout to 30m

Slow ARM64 runners hit the default timeout while initializing the container image scan after pulling. Extend the timeout so image scans can complete reliably.
ci(deploy): login and pull images before Trivy scan
2026-06-13 20:22:05 +03:00 · 2026-06-13 19:29:57 +03:00 · 2026-06-13 18:43:40 +03:00
1 changed files with 17 additions and 1 deletions
@@ -70,6 +70,13 @@ jobs:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.codeanddice.ru
+          username: toutsu
+          password: ${{ secrets.GIT_TOKEN }}
+
      - name: Install Trivy
        run: |
          # Install Trivy from the official Docker image instead of the
@@ -78,7 +85,7 @@ jobs:
          #      GitHub releases API; when a release is unpublished or
          #      yanked, the script fails with
          #      `unable to find '<tag>' - use 'latest' or see ...`
-          #      even when the release once existed. We hit this with
+          #      when the release once existed. We hit this with
          #      v0.71.0.
          #   2. Docker Hub tags are content-addressed and rarely
          #      removed, so a pinned image tag is much more stable.
@@ -94,9 +101,16 @@ jobs:
          chmod +x /usr/local/bin/trivy
          trivy --version

+      - name: Pull images for scan
+        run: |
+          docker pull git.codeanddice.ru/toutsu/gmrelay-bot:${{ env.VERSION }}
+          docker pull git.codeanddice.ru/toutsu/gmrelay-discord-bot:${{ env.VERSION }}
+          docker pull git.codeanddice.ru/toutsu/gmrelay-web:${{ env.VERSION }}
+
      - name: Scan Bot image
        run: |
          trivy image \
+            --timeout 30m \
            --severity HIGH,CRITICAL \
            --exit-code 1 \
            --format table \
@@ -105,6 +119,7 @@ jobs:
      - name: Scan Discord Bot image
        run: |
          trivy image \
+            --timeout 30m \
            --severity HIGH,CRITICAL \
            --exit-code 1 \
            --format table \
@@ -113,6 +128,7 @@ jobs:
      - name: Scan Web image
        run: |
          trivy image \
+            --timeout 30m \
            --severity HIGH,CRITICAL \
            --exit-code 1 \
            --format table \
Author	SHA1	Message	Date
Toutsu	2ba411a04b	ci(deploy): increase trivy image scan timeout to 30m Slow ARM64 runners hit the default timeout while initializing the container image scan after pulling. Extend the timeout so image scans can complete reliably.	2026-06-13 20:22:05 +03:00
Toutsu	b952be23eb	ci(deploy): login and pull images before Trivy scan PR Checks / test-and-build (pull_request) Successful in 32m3s Details The scan-images job runs on a fresh runner that does not have the images built by the build-and-push job. Login to the registry and pull the images before scanning, otherwise Trivy cannot find them.	2026-06-13 19:29:57 +03:00
Toutsu	4054d49ccb	Merge pull request 'feat(rendering): display description, system, duration, format, type and location in Telegram game card' (#139 ) from feature/telegram-game-card-fields into main Deploy Telegram Bot / build-and-push (push) Successful in 3m51s Details Deploy Telegram Bot / scan-images (push) Failing after 8m4s Details Deploy Telegram Bot / deploy (push) Has been skipped Details Merge pull request #139: feat(rendering): display description, system, duration, format, type and location in Telegram game card Bump version to 3.11.0.	2026-06-13 18:43:40 +03:00