Retry trivy when it fails to download the vulnerability database due …

…to rate-limiting Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
shipwright-io · Oct 28, 2024 · a0871b9 · a0871b9
1 parent a2b53df
commit a0871b9
Showing 1 changed file with 22 additions and 6 deletions.
diff --git a/pkg/image/vulnerability_scan.go b/pkg/image/vulnerability_scan.go
@@ -11,6 +11,7 @@ import (
 	"os/exec"
 	"sort"
 	"strings"
+	"time"
 
 	"github.com/google/go-containerregistry/pkg/authn"
 	buildapi "github.com/shipwright-io/build/pkg/apis/build/v1beta1"
@@ -51,14 +52,29 @@ func RunVulnerabilityScan(ctx context.Context, imagePath string, settings builda
 		}
 	}
 
-	cmd := exec.CommandContext(ctx, "trivy", trivyArgs...)
+	var result []byte
+	var err error
 
-	cmd.Stdin = nil
+	for i := 0; i < 10; i++ {
+		cmd := exec.CommandContext(ctx, "trivy", trivyArgs...)
+		cmd.Stdin = nil
 
-	result, err := cmd.CombinedOutput()
-	if err != nil {
-		log.Printf("failed to run trivy:\n%s", string(result))
-		return nil, fmt.Errorf("failed to run trivy: %w", err)
+		if result, err = cmd.CombinedOutput(); err != nil {
+			sResult := string(result)
+			log.Printf("failed to run trivy:\n%s", sResult)
+
+			// Retry the following error
+			//
+			// FATAL    Fatal error    init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred:
+			//  GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 508.904┬Ás, allowed: 44000/minute
+
+			if i < 10 && strings.Contains(sResult, "failed to download vulnerability DB") && strings.Contains(sResult, "TOOMANYREQUESTS") {
+				log.Println("Will retry")
+				time.Sleep(time.Second)
+			} else {
+				return nil, fmt.Errorf("failed to run trivy: %w", err)
+			}
+		}
 	}
 
 	var trivyResult TrivyResult