99a58d7835
Trivy install keeps failing on the deploy workflow:
- empty TAG: install.sh falls back to 'latest', but the
'latest' GitHub release tag is no longer published.
- pin v0.71.0: pin alone is not durable. The release got
unpublished and install.sh now dies with
'unable to find v0.71.0 - use latest'.
Switch to the official aquasec/trivy Docker image:
- Docker Hub tags are content-addressed and rarely removed,
so the pin is durable.
- The image manifest ships linux/amd64, linux/arm64, linux/ppc64le
and linux/s390x, so the same tag works on the GitHub-hosted
runner and on the ARM64 Pi runner.
- We just need docker pull + docker cp /usr/local/bin/trivy.
- Pinned to 0.70.0 (April 2026) for reasonably current CVE data.
Also normalize .gitignore to plain UTF-8. The working copy had
been re-saved as UTF-16 LE by a Set-Content call without
-Encoding UTF8 (PowerShell 5.1 default on the local Windows box),
so git kept reporting 'Binary files differ' even though the rules
themselves were fine. Re-wrote through the editor to drop the
UTF-16 encoding and added rules for showcase-*.png, *.png.local,
and the test scratch dirs that keep creeping in.
51 lines
570 B
Plaintext
## .NET
bin/
obj/
publish/
*.user
*.suo
*.userprefs
*.sln.docstates

## IDE
.vs/
.vscode/
.idea/
.gemini/
.claude/
.serena/
*.swp
*~
*.DotSettings.user

## Aspire
.aspire/

## Build
artifacts/
TestResults/

## Secrets
appsettings.*.local.json
.env

## AI working directories
docs/superpowers/
docs/plans/
*.diff

# OpenCode / Mavis / Playwright scratch dirs
.opencode/
.mavis/
.playwright-mcp/
.superpowers/

# Local screenshots / diagnostic artifacts
.club-*.png
.showcase-*.png
showcase-*.png
*.png.local
deploy_log.txt
test_output.txt
src/GmRelay.Bot/Dockerfile.test
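A CI guard for the encoding problem described in the commit message, as an added example that is not part of this repository: it flags a .gitignore that has been saved as UTF-16 by looking for a byte-order mark or NUL bytes, so the ignore rules (including the Secrets section) cannot silently turn into a binary file again. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not repository code): reject ignore files that are not plain
# UTF-8/ASCII text. Function names are hypothetical.

# Print the encoding class of file $1: utf16le, utf16be, nul or ok.
detect_encoding() {
    # First two bytes as lowercase hex without separators, e.g. "fffe".
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        fffe) echo utf16le; return ;;   # UTF-16 LE byte-order mark
        feff) echo utf16be; return ;;   # UTF-16 BE byte-order mark
    esac
    # No BOM: UTF-16 text still carries NUL bytes, which plain text never does.
    # Stripping NULs and comparing with the original detects them portably.
    if tr -d '\000' < "$1" | cmp -s - "$1"; then
        echo ok
    else
        echo nul
    fi
}

# Return 0 when every file given is plain text, 1 otherwise.
# Offending files are reported on stderr so the CI log shows which one to fix.
check_ignore_files() {
    rc=0
    for f in "$@"; do
        enc=$(detect_encoding "$f")
        if [ "$enc" != ok ]; then
            echo "$f: unexpected encoding ($enc), re-save as UTF-8" >&2
            rc=1
        fi
    done
    return "$rc"
}

# When called with file arguments (e.g. from a workflow step), check them.
if [ "$#" -gt 0 ]; then
    check_ignore_files "$@"
fi
```

Run it as a workflow step with the paths to check, for example `sh check-encoding.sh .gitignore`; a non-zero exit fails the job.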