From 194598020c83ef77ef0918ed6969d2e70e33235d Mon Sep 17 00:00:00 2001
From: Maksim Nabokikh
Date: Mon, 16 Feb 2026 09:10:03 +0100
Subject: [PATCH] Update artifact workflow to use docker-archive format

Signed-off-by: Maksim Nabokikh
---
 .github/workflows/artifacts.yaml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index d2fb4a00..492831b6 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -143,7 +143,7 @@ jobs:
 run: echo "value=${{ steps.image-name.outputs.value }}@${{ steps.build.outputs.digest }}" >> "$GITHUB_OUTPUT"

 - name: Fetch image
- run: skopeo --insecure-policy copy docker://${{ steps.image-ref.outputs.value }} oci-archive:image.tar
+ run: skopeo --insecure-policy copy docker://${{ steps.image-ref.outputs.value }} docker-archive:image.tar
 if: inputs.publish

 # Uncomment the following lines for debugging:
@@ -153,11 +153,16 @@ jobs:
 # name: "[${{ github.job }}] OCI tarball"
 # path: image.tar

- - name: Extract OCI tarball
+ - name: Extract tarball
 run: |
 mkdir -p image
 tar -xf image.tar -C image

+ - name: Debug - list extracted files
+ run: |
+ ls -la image/
+ find image -type f | head -20
+
 # - name: List tags
 # run: skopeo --insecure-policy list-tags oci:image
 #
@@ -207,10 +212,11 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0
 with:
+ input: image
 format: sarif
 output: trivy-results.sarif
- scan-type: "image"
- scan-ref: ${{ steps.image-ref.outputs.value }}
+ scan-type: "fs"
+ scan-ref: "."
 cache-dir: "./cache"
 # Disable skipping trivy cache for now
 env:
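Review bot: The rewritten `run:` line of the Fetch image step still expands `${{ steps.image-ref.outputs.value }}` straight into the shell script, so the shell parses whatever that output contains as script text rather than as data. Per the context line above, the value is assembled from two earlier step outputs (image name and build digest), which are probably well-formed, but passing it through the environment removes the dependency on that: add `env:` with `IMAGE_REF: ${{ steps.image-ref.outputs.value }}` and use `run: skopeo --insecure-policy copy "docker://${IMAGE_REF}" docker-archive:image.tar`. A one-line comment on why docker-archive is needed would also help, since the commented-out debug upload step below still calls the file an OCI tarball.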
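Review bot: The added `Debug - list extracted files` step has no `if:` guard, so it runs and prints the extracted layout on every invocation, whereas the neighbouring debug upload step is kept commented out. Either drop it before merging or gate it, for example with `if: runner.debug == '1'`, so it only runs when debug logging is enabled. Since `image/` now holds an unpacked docker-archive rather than an OCI layout, the commented `skopeo --insecure-policy list-tags oci:image` lines right below are stale and deserve a comment or removal.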
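Review bot: Switching to `scan-type: "fs"` with `scan-ref: "."` makes Trivy scan the workspace directory rather than the container image, so the SARIF report would no longer cover OS packages or binaries inside the image that was just built and referenced by digest. A filesystem scan does not, as far as I know, unpack the layer tarballs extracted under `image/`, and the added `input: image` is the action's tarball input for image scans, so it is unclear that it has any effect in `fs` mode. If the aim is to avoid a second registry pull, keeping the image scan and pointing it at the archive looks closer to the intent: `scan-type: "image"` with `input: image.tar` and no `scan-ref`. The step continues past the end of the hunk, and image.tar may have a different origin when `inputs.publish` is false, so both paths should be checked.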