Skip to content

fix(infra): enhance build reliability and security scanning#22

Merged
mtarsel merged 1 commit intoIBM:mainfrom
adilhusain-s:pr1-infrastructure-reliability
Feb 4, 2026
Merged

fix(infra): enhance build reliability and security scanning#22
mtarsel merged 1 commit intoIBM:mainfrom
adilhusain-s:pr1-infrastructure-reliability

Conversation

@adilhusain-s
Copy link
Collaborator

@adilhusain-s adilhusain-s commented Jan 18, 2026
edited
Loading

Problem

Build failures from transient network issues require manual workflow reruns. Specifically:

  • dotnet-install.py fails on temporary HTTP 500/502/503/504 errors
  • DNS timeouts and connection issues aren't retried
  • Single transient failure affects entire multi-architecture build

Solution

Add retry logic with exponential backoff and upgrade security scanning.

Changes

Build Reliability:

  • Add retry logic to dotnet-install.py: 8 attempts, 5s exponential backoff
  • Handle HTTP 500/502/503/504 errors automatically
  • Tolerate DNS failures and timeouts gracefully

Security:

  • Upgrade Trivy: v0.58.1 → v0.68.2
  • Enforce security gates: fail builds on HIGH/CRITICAL vulnerabilities

Files Changed

  • Makefile: Trivy version and thresholds
  • PowerShell/dotnet-install.py: Retry logic

Impact

  • ✅ Reduces flaky failures from temporary infrastructure issues
  • ✅ Prevents vulnerable builds from passing

Related

@adilhusain-s
fix(infra): enhance build reliability and security scanning
2d3c061 
- Add retry logic (8 attempts, 5s delay) with exponential backoff to dotnet-install.py
- Handle transient HTTP errors (500, 502, 503, 504) and network failures automatically
- Upgrade Trivy to v0.68.2 for improved vulnerability detection
- Enable strict security gates: fail build on HIGH/CRITICAL vulnerabilities

These changes improve pipeline reliability by handling network flakiness
and enforcing stricter security standards during builds.

Signed-off-by: Adilhusain Shaikh <Adilhusain.Shaikh@ibm.com>
@adilhusain-s adilhusain-s mentioned this pull request Jan 18, 2026
Merged
@adilhusain-s adilhusain-s marked this pull request as draft January 18, 2026 15:45
This was referenced Jan 20, 2026
Merged
Open
@adilhusain-s adilhusain-s marked this pull request as ready for review January 20, 2026 06:27
@mtarsel mtarsel merged commit a563c47 into IBM:main Feb 4, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtarsel mtarsel Awaiting requested review from mtarsel mtarsel is a code owner

@anup-kodlekere anup-kodlekere Awaiting requested review from anup-kodlekere anup-kodlekere is a code owner

@rahulssv-ibm rahulssv-ibm Awaiting requested review from rahulssv-ibm rahulssv-ibm is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adilhusain-s @mtarsel