You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Honestly, it took me time to understand the full workflow of what is being defined where (between the repositories)
I'd expect the script to be located next to the actual place it is running.
Is it in order to make the trivy repository more lightweight? So all the artifacts are located on a different repository?
If so, I think the trivy-repository should be documented with its purpose and its generation workflow.
Otherwise, logically, all the code&artifacts should be located next to each other.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hey there,
I noticed that the https://github.com/aquasecurity/trivy/blob/main/.github/workflows/release.yaml job in the main
trivy
repository runs the https://github.com/aquasecurity/trivy/tree/bc7150428661757e2d7bb9e9e313b59e2f9fdf68/ci code but then pushes the changes to https://github.com/aquasecurity/trivy-repo .What's the purpose of this repositories separation?
Honestly, it took me time to understand the full workflow of what is being defined where (between the repositories)
I'd expect the script to be located next to the actual place it is running.
Is it in order to make the
trivy
repository more lightweight? So all the artifacts are located on a different repository?If so, I think the
trivy-repository
should be documented with its purpose and its generation workflow.Otherwise, logically, all the code&artifacts should be located next to each other.
WDYT?
Beta Was this translation helpful? Give feedback.
All reactions