INFO - Cleaning site directory
INFO - Building documentation to directory: /home/live/GIT/Shaarli/doc/html
INFO - Doc file 'index.md' contains an unrecognized relative link 'Usage#tag-cloud', it was left
as is. Did you mean 'Usage.md#tag-cloud'?
INFO - Doc file 'index.md' contains an unrecognized relative link 'Usage#picture-wall', it was
left as is. Did you mean 'Usage.md#picture-wall'?
INFO - Doc file 'index.md' contains an unrecognized relative link 'Usage#import-export', it was
left as is. Did you mean 'Usage.md#import-export'?
INFO - Doc file 'Community-and-related-software.md' contains an unrecognized relative link
'REST-API', it was left as is. Did you mean 'REST-API.md'?
INFO - Doc file 'Community-and-related-software.md' contains an unrecognized relative link
'Theming', it was left as is.
INFO - Doc file 'Installation.md' contains an unrecognized relative link
'dev/Development#third-party-libraries', it was left as is. Did you mean
'dev/Development.md#third-party-libraries'?
INFO - Doc file 'Installation.md' contains an unrecognized relative link
'Upgrade-and-migration', it was left as is. Did you mean 'Upgrade-and-migration.md'?
INFO - Doc file 'Plugins.md' contains an unrecognized relative link 'Shaarli-configuration', it
was left as is. Did you mean 'Shaarli-configuration.md'?
INFO - Doc file 'REST-API.md' contains an unrecognized relative link 'Server-configuration', it
was left as is. Did you mean 'Server-configuration.md'?
INFO - Doc file 'Reverse-proxy.md' contains an unrecognized relative link
'Shaarli-configuration', it was left as is. Did you mean 'Shaarli-configuration.md'?
INFO - Doc file 'Server-configuration.md' contains an unrecognized relative link
'Directory-structure', it was left as is.
INFO - Doc file 'Shaarli-configuration.md' contains an unrecognized relative link
'Translations', it was left as is.
INFO - Doc file 'dev/Development.md' contains an unrecognized relative link 'Unit-tests', it was
left as is. Did you mean 'Unit-tests.md'?
INFO - Doc file 'dev/Development.md' contains an unrecognized relative link 'GnuPG-signature',
it was left as is. Did you mean 'GnuPG-signature.md'?
INFO - Doc file 'dev/GnuPG-signature.md' contains an unrecognized relative link 'Release
Shaarli', it was left as is.
INFO - Doc file 'dev/Theming.md' contains an unrecognized relative link 'Shaarli-configuration',
it was left as is.
INFO - Doc file 'dev/Translations.md' contains an unrecognized relative link 'Theming', it was
left as is. Did you mean 'Theming.md'?
INFO - Documentation built in 0.40 seconds
- run scan on each push/pull request update
- can be run locally using make test_trivy_repo
- exit with error code 0/success when vulnerabilities are found, as not to make the workflow fail, a separate periodic run that exits with code 1 should be added in parallel
- update trivy to v0.43.0
- https://github.com/aquasecurity/trivy/releases/tag/v0.43.0
- also consider TRIVY_EXIT_CODE when running trivy on the latest docker image
- ref. https://github.com/shaarli/Shaarli/issues/1531
- fixes Error response from daemon: no such image: ghcr.io/***:trivy: No such image: ghcr.io/***:trivy
- introduced in https://github.com/shaarli/Shaarli/pull/1980 but the test target branch/tag was never reverted to 'latest'
- run trivy from makefile so that it can be run both locally and through github actions
- usage: make test_trivy TRIVY_TARGET_DOCKER_IMAGE=regist.ry/user/image:tag
- tested by downgrading the base image to alpine 3.15.7 and verifying that vulnerabilities are reported (https://github.com/nodiscc/Shaarli/actions/runs/4860040980/jobs/8663400103)
- TEMP/TESTING only push image to ghcr.io, run trivy on trivy branch/docker tag as well as master
- ref. https://github.com/shaarli/Shaarli/issues/1531