mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

fix(ci): use ghcr.io mirror for Trivy DB to avoid mirror.gcr.io DNS failures #759

Merged
jason.woltje merged 1 commits from fix/ci-prisma-generate into main 2026-03-11 12:08:31 +00:00
Conversation 0 Commits 1 Files Changed 1 +3 -3
jason.woltje commented 2026-03-11 12:08:16 +00:00
Owner
Copy Link

Problem

Pipeline #1056 failed on all three security-trivy-* steps with:

dial tcp: lookup mirror.gcr.io on 127.0.0.11:53: server misbehaving

Trivy attempts to download its vulnerability DB from mirror.gcr.io/aquasec/trivy-db:2 by default. The CI runner intermittently cannot resolve this DNS name.

Fix

Add --db-repository ghcr.io/aquasecurity/trivy-db to all three Trivy scan steps. GitHub Container Registry is more reliably accessible from the CI runner environment.

Impact

  • Unblocks PRs #692 and #693 that are waiting for main to be green
  • Prevents future Trivy DB download failures due to GCR DNS issues

Testing

This change only affects CI configuration. No code logic changes.

## Problem Pipeline #1056 failed on all three `security-trivy-*` steps with: ``` dial tcp: lookup mirror.gcr.io on 127.0.0.11:53: server misbehaving ``` Trivy attempts to download its vulnerability DB from `mirror.gcr.io/aquasec/trivy-db:2` by default. The CI runner intermittently cannot resolve this DNS name. ## Fix Add `--db-repository ghcr.io/aquasecurity/trivy-db` to all three Trivy scan steps. GitHub Container Registry is more reliably accessible from the CI runner environment. ## Impact - Unblocks PRs #692 and #693 that are waiting for main to be green - Prevents future Trivy DB download failures due to GCR DNS issues ## Testing This change only affects CI configuration. No code logic changes.
jason.woltje added 1 commit 2026-03-11 12:08:17 +00:00
fix(ci): use ghcr.io mirror for Trivy DB to avoid mirror.gcr.io DNS failures
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
d8a568d6c9 
mirror.gcr.io intermittently fails DNS resolution in CI runner environment.
Add --db-repository ghcr.io/aquasecurity/trivy-db to all three Trivy scan steps
as a reliable alternative to the default GCR mirror.

Fixes pipeline #1056 failure (security-trivy-api/orchestrator/web all failed
with: 'dial tcp: lookup mirror.gcr.io on 127.0.0.11:53: server misbehaving')
jason.woltje merged commit 701398fb0a into main 2026-03-11 12:08:31 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
ai
AI/LLM integration
 api
Backend/API work
 api
auth
Authentication
 auto-merge
Automatically merge when Gatekeeper conditions pass
 database
Database/schema work
 database
devops
Docker/deployment
 docs
Documentation
 frontend
graph
knowledge-module
migration
Data migration
 orchestrator
Orchestrator service (apps/orchestrator/)
 p0
Critical priority
 p1
High priority
 p2
Medium priority
 p3
Low priority
 performance
Performance work
 phase-1
phase-2
phase-3
phase-4
phase-5
plugin
MoltBot plugin work
 search
security
Security-related
 setup
Initial setup
 testing
Testing/QA
 web
Frontend work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaic/stack#759
Delete Branch "fix/ci-prisma-generate"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?