Skip to content

ci: pin trivy-action to existing tag v0.34.0#106

Merged
HammerMeetNail merged 1 commit into
mainfrom
fix-trivy-action-ref
Jun 29, 2026
Merged

ci: pin trivy-action to existing tag v0.34.0#106
HammerMeetNail merged 1 commit into
mainfrom
fix-trivy-action-ref

Conversation

@HammerMeetNail

Copy link
Copy Markdown
Owner

The Scan, Sign & Push job fails with Unable to resolve action aquasecurity/trivy-action, unable to find version 0.34.0, which blocks release and deploy.

trivy-action only publishes v-prefixed tags (v0.34.0); the unprefixed 0.34.0 — and even the previous 0.33.1 — don't exist as git refs. Latent since the dependabot bump (#75 / fc46647) because the deploy pipeline only runs on v* tags and none were cut until the v1.8.3/v1.8.4 security releases.

Fix: reference aquasecurity/trivy-action@v0.34.0.

Unblocks the v1.8.x security deploy.

🤖 Generated with Claude Code

aquasecurity/trivy-action publishes v-prefixed tags only; `0.34.0` (and the
prior `0.33.1`) do not exist as refs, so the scan-and-push job failed with
"Unable to resolve action ... unable to find version 0.34.0", blocking release
and deploy. This was latent since the dependabot bump (fc46647) because deploys
only run on version tags and none were cut until now.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@HammerMeetNail
HammerMeetNail merged commit 270ef17 into main Jun 29, 2026
6 checks passed
@HammerMeetNail
HammerMeetNail deleted the fix-trivy-action-ref branch June 29, 2026 13:00
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant