Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 86 Wiki Activity

ci(deploy): login, pull images, and increase Trivy timeout #140

Merged
Toutsu merged 1 commits from fix/deploy-scan-pull-images into main 2026-06-13 19:32:18 +03:00
Conversation 0 Commits 1 Files Changed 1
+14 -1
Toutsu commented 2026-06-13 19:32:05 +03:00
Owner
Copy Link
Copy Source

Summary

Deploy pipeline scan-images job runs on a fresh runner and could not find the images built by build-and-push. This PR adds registry login, docker pull, and --timeout 30m to the Trivy image scan steps so the scan can complete on slow ARM64 runners.

Changes

  • .gitea/workflows/deploy.yml: add login, pull, and 30m timeout to the scan-images job.

Test plan

  • Merge to main and verify deploy pipeline #329 rerun succeeds.
## Summary Deploy pipeline `scan-images` job runs on a fresh runner and could not find the images built by `build-and-push`. This PR adds registry login, `docker pull`, and `--timeout 30m` to the Trivy image scan steps so the scan can complete on slow ARM64 runners. ## Changes - `.gitea/workflows/deploy.yml`: add login, pull, and 30m timeout to the `scan-images` job. ## Test plan - Merge to main and verify deploy pipeline #329 rerun succeeds.
Toutsu added 1 commit 2026-06-13 19:32:05 +03:00
ci(deploy): login and pull images before Trivy scan
PR Checks / test-and-build (pull_request) Successful in 32m3s
Details
b952be23eb 
The scan-images job runs on a fresh runner that does not have the images
built by the build-and-push job. Login to the registry and pull the
images before scanning, otherwise Trivy cannot find them.
Toutsu merged commit e59b0a78fd into main 2026-06-13 19:32:18 +03:00
Toutsu changed title from ci(deploy): login and pull images before Trivy scan to ci(deploy): login, pull images, and increase Trivy timeout 2026-06-13 20:25:32 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
area:bot
Telegram bot and worker logic
 area:data
Database schema, migrations and persistence model
 area:discord
Discord bot service and Discord adapter
 area:infra
Infrastructure, runtime and deployment
 area:miniapp
Telegram Mini App dashboard
 area:platform
Platform-neutral abstractions and adapter boundaries
 area:shared
Shared domain and rendering contracts
 area:web
Blazor web dashboard
 in-progress
В работе (issue взят агентом)
 next-up
Recommended immediate backlog
 pending-approval
Ждёт согласования плана решения
 platform:discord
Discord-specific behavior or adapter work
 platform:multi
Cross-platform or platform-neutral work
 platform:telegram
Telegram-specific behavior or adapter work
 priority:p0
Critical priority
 priority:p0
Блокирующий приоритет: задача должна быть выполнена до признания решения production-ready
 priority:p1
High priority
 priority:p2
Medium priority
 priority:p3
Lower priority
 security
Security-sensitive work
 type:bug
Bug fix or corrective work
 type:chore
Maintenance and supporting work
 type:feature
New product functionality
 type:refactor
Structural change without direct feature growth
 type:test
Testing and coverage work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Toutsu
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Toutsu/GmRelayBot#140
Delete Branch "fix/deploy-scan-pull-images"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?