Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup action v0.2.1 failing on GitHub Enterprise Server #10

Open
palloberg opened this issue Oct 16, 2024 · 3 comments
Open

Setup action v0.2.1 failing on GitHub Enterprise Server #10

palloberg opened this issue Oct 16, 2024 · 3 comments
Assignees
@DmitriyLewen

Comments

@palloberg
Copy link

palloberg commented Oct 16, 2024
edited
Loading

Hi.

When running on a self hosted GitHub Enterprise Server (GHES) the new version of setup-trivy is failing because it's using the checkout action without allowing the token and github-server-url to be overridden. In that case it tries to check out contrib/install.sh from aquasecurity/trivy on the local GHES instead of from https://github.com/aquasecurity/trivy.

Updating setup-trivy (and the trivy-action) with optional parameters for token and github-server-url and passing those to actions/checkout would probably make it compatible with GHES as well (although more config would be needed for users of the action on GHES).

image
@palloberg
Copy link
Author

Alternatively fetching the install.sh from https://raw.githubusercontent.com/aquasecurity/trivy/refs/heads/main/contrib/install.sh (or https://raw.githubusercontent.com/aquasecurity/trivy/refs/tags/SOMETAG/contrib/install.sh when another version than latest is requested) would bypass the whole authentication problem.

@m-breitbach
Copy link

m-breitbach commented Oct 16, 2024
edited
Loading

Since recently, we have a similar problem on our GHES, also with the checkout step. In our case, the default branch cannot be determined by the checkout action, I believe because it is operating on github.com URLs.

@DmitriyLewen
Copy link
Contributor

Hello @palloberg @m-breitbach
Unfortunately, i don't have GHES runner and my self-hosted runner works correctly - https://github.com/DmitriyLewen/test-trivy-action/actions/runs/11380381891

But i investigated this issue and looks like we always need to use http://github.com as github-server-url.
It works for me - https://github.com/DmitriyLewen/test-trivy-action/actions/runs/11380839756/job/31660961664

Can you test these changes with GHES?
use commit from my fork (uses: DmitriyLewen/setup-trivy@108c12b3f1803ed4e0e9780fb857f6b00946cb56)

with optional parameters for token and github-server-url

trivy is a public repository. I hope rewriting token doesn't break action/checkout.

We probably don't need to add input for github-server-url, since in all cases action/checkout in setup-trivy should connect to the github.com server.
we will explicitly indicate this server and that will be enough

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@palloberg @m-breitbach @DmitriyLewen