Preload Trivy DB

GitHub's container registry has implemented some rate limiting, this
will try to load the database 13 times before running Trivy. For the
past few weeks almost every single image build failed due to this and it
 takes a dozen retries easily to get all scans to pass.

Author: WyriHaximus

.github/workflows/ci.yml

@@ -75,6 +75,13 @@ jobs:
       image: ${{ steps.image-matrix.outputs.image }}
     steps:
       - uses: actions/checkout@v4
+      - name: Preload Trivy DB
+        uses: nick-invision/retry@v3
+        with:
+          timeout_minutes: 120
+          retry_wait_seconds: 1
+          max_attempts: 13
+          command: docker pull "ghcr.io/aquasecurity/trivy-db:2"
       - id: image-matrix
         name: Generate Combined Image Matrix
         run: |
@@ -176,6 +183,13 @@ jobs:
         image: ${{ fromJson(needs.image-matrix.outputs.image) }}
         exclude: ${{ fromJson(needs.exclude-matrix.outputs.exclude) }}
     steps:
+      - name: Preload Trivy DB
+        uses: nick-invision/retry@v3
+        with:
+          timeout_minutes: 120
+          retry_wait_seconds: 1
+          max_attempts: 13
+          command: docker pull "ghcr.io/aquasecurity/trivy-db:2"
       - uses: actions/checkout@v4
         if: contains(matrix.image, 'alpine')
       - uses: dbhi/qus/action@main

test-nts.sh

@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"

test-zts.sh

@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"