chore: short-lived grype-db cache #348

Open
wants to merge 4 commits into
base: main

kzantow
Contributor

@kzantow kzantow commented Jul 26, 2024

This PR implements a short-lived cache of the grype database using the GitHub workflow cache.

If there are a substantial number of users of the action, this may help to spread out checks for grype-db over the day, and alleviate the overall number of requests, to help alleviate the sporadic issues we have seen lately with the CDN.

NOTE: Grype has another change which will result in some type of update interval check, which this PR could/should leverage instead of having multiple ways to specify the update interval: anchore/grype#2005

Example runs (with cache in this repo):

  • Large number of matrix jobs, many caches fail to save due to timing issues but successfully continue to run the scan-action
  • Subsequent runs of these successfully restore cache 🎉 (and seem to have some executions a few seconds shorter)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
}

// Add tool to path for this and future actions to use
core.addPath(grypePath);
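
Review bot: the comment above `core.addPath(grypePath)` says later actions pick the tool up from PATH, which makes PATH membership an observable side effect of this action rather than an internal detail. It should be stated in the action's documentation and covered by a workflow test step that invokes grype by name after the action runs, so any change to this line shows up in CI instead of in users' pipelines.
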
Contributor Author

@kzantow kzantow Jul 29, 2024

I think this is not technically a breaking change, since we did not advertise putting grype on the path, but I suspect it will break a number of users of the action who are expecting this behavior: particularly users of the download-action, and if we remove this we should probably publish a new major version.

@kzantow kzantow marked this pull request as ready for review July 29, 2024 21:36
@kzantow kzantow added the major Used by release-drafter to determine version label Jul 29, 2024
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
Contributor Author

kzantow commented Aug 19, 2024

An update: we have deployed an updated CDN solution which we believe should have fixed database download issues. Please read more about it on Discourse

Labels
major Used by release-drafter to determine version
Projects
Status: In Review