patch: Swap Trivy for Grype in CI pipeline #157
Conversation
Pull request overview
Swaps the CI vulnerability scanner from Trivy to Grype in the GitHub Actions CI pipeline, with optional workflow-dispatch inputs for controlling the Grype install version/source.
Changes:
- Add workflow_dispatch inputs for grype_version and grype_commit_sha.
- Replace Trivy installation and filesystem scan steps with Grype install + scan.
- Minor YAML formatting/whitespace cleanup in the workflow.
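An added example, not the workflow from this PR or the project's own code, of what a Grype install step driven by the two workflow_dispatch inputs named in the review (grype_version, grype_commit_sha) can look like when the binary is pinned and checksum-verified instead of being piped from an install script. The Anchore release asset names (grype_<version>_linux_amd64.tar.gz and grype_<version>_checksums.txt), the ./cmd/grype build path and the placeholder default version are assumptions about the upstream layout, not facts from this page.

```yaml
# Illustrative workflow (added example, not the PR's own file).
name: ci
on:
  push:
  workflow_dispatch:
    inputs:
      grype_version:
        description: Grype release to install (semver without the leading v)
        default: "0.0.0"   # placeholder: pin this to a release you have vetted
      grype_commit_sha:
        description: Optional anchore/grype commit to build from instead of a release
        default: ""
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Install Grype (pinned and checksum-verified)
        env:
          # On push events the inputs context is empty, so fall back to the placeholder.
          GRYPE_VERSION: ${{ inputs.grype_version || '0.0.0' }}
          GRYPE_COMMIT_SHA: ${{ inputs.grype_commit_sha }}
        run: |
          set -euo pipefail
          mkdir -p "$HOME/.local/bin"
          if [ -n "$GRYPE_COMMIT_SHA" ]; then
            # Build from an exact commit (assumes Go is available on the runner and
            # that the main package lives at ./cmd/grype; both are assumptions).
            git clone https://github.com/anchore/grype.git "$RUNNER_TEMP/grype"
            git -C "$RUNNER_TEMP/grype" checkout "$GRYPE_COMMIT_SHA"
            (cd "$RUNNER_TEMP/grype" && go build -o "$HOME/.local/bin/grype" ./cmd/grype)
          else
            # Download the release tarball and verify it against the published
            # checksums file before extracting (asset names are an assumption).
            base="https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}"
            asset="grype_${GRYPE_VERSION}_linux_amd64.tar.gz"
            curl -sSfL -o "$RUNNER_TEMP/$asset" "${base}/${asset}"
            curl -sSfL -o "$RUNNER_TEMP/checksums.txt" "${base}/grype_${GRYPE_VERSION}_checksums.txt"
            (cd "$RUNNER_TEMP" && grep " ${asset}\$" checksums.txt | sha256sum -c -)
            tar -xzf "$RUNNER_TEMP/$asset" -C "$HOME/.local/bin" grype
          fi
          chmod 0755 "$HOME/.local/bin/grype"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
      - name: Scan repository filesystem
        # Exit non-zero when anything at or above the chosen severity is found.
        run: grype dir:. --fail-on high
```

The checksum step is the part that matters for supply-chain hygiene: a version input alone only pins which tarball is requested, while verifying it against the checksums file detects a swapped or truncated download. The commit-SHA branch is for reproducing a specific upstream fix before it is released, and should be treated as a manual, not default, path.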
… managed disks, and PostgreSQL flexible servers
…stgreSQL flexible servers
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
…tgreSQL flexible servers to align with new frequency requirements
…ob storage, managed disks, and PostgreSQL flexible servers
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 1 comment.
Files not reviewed (1)
- tests/integration-tests/.terraform.lock.hcl: Language not supported
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.
Files not reviewed (1)
- tests/integration-tests/.terraform.lock.hcl: Language not supported
| backup_interval_timestamp_pattern = "[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(Z|[+-][0-9]{2}:[0-9]{2})" | ||
| blob_storage_interval_pattern = "^R/${local.backup_interval_timestamp_pattern}/(${join("|", local.valid_blob_storage_intervals)})$" | ||
| managed_disk_interval_pattern = "^R/${local.backup_interval_timestamp_pattern}/(${join("|", local.valid_managed_disk_intervals)})$" | ||
| postgresql_interval_pattern = "^R/${local.backup_interval_timestamp_pattern}/(${join("|", local.valid_postgresql_flexible_server_intervals)})$" |
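Review bot: backup_interval_timestamp_pattern (first line of this block) only checks digit counts, so a timestamp such as 2024-99-99T99:99:99Z passes, while fractional seconds (T10:00:00.000Z) are rejected; and because the three composite patterns anchor it as ^R/.../...$, a bounded recurrence like R5/... is rejected too. If shape-only checking with those exclusions is the intent, add a comment on the local saying that semantic validation is left to ARM; otherwise tighten the month/day/hour/minute/second ranges so the module fails fast instead of at apply time.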
| for interval in v.backup_intervals : can(regex(local.blob_storage_interval_pattern, interval)) | ||
| ]) | ||
| ]) | ||
| error_message = "Invalid backup interval for blob storage: allowed frequencies are P1D (daily) or P1W (weekly). See https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage for details." |
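Review bot: the error_message on the last line hardcodes "P1D (daily) or P1W (weekly)" while the condition derives its allowed set from local.valid_blob_storage_intervals, so the message and the check will drift the next time the list changes (this PR changes the equivalent lists for the other two services). Since the condition already reads a local, the message should be able to as well; suggest building it from the list, for example allowed frequencies are ${join(", ", local.valid_blob_storage_intervals)}, so there is a single source of truth.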
| for interval in v.backup_intervals : can(regex(local.managed_disk_interval_pattern, interval)) | ||
| ]) | ||
| ]) | ||
| error_message = "Invalid backup interval for managed disk: allowed frequencies are PT1H, PT2H, PT4H, PT6H, PT8H, PT12H (hourly) or P1D (daily). See https://learn.microsoft.com/en-us/azure/backup/disk-backup-support-matrix for details." |
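Review bot: the three validation blocks for blob storage, managed disks and PostgreSQL are copies of one alltrue([for interval in v.backup_intervals : can(regex(...))]) structure that differ only in the pattern and the message, and the managed-disk message on the last line of this block repeats the contents of local.valid_managed_disk_intervals by hand. Consider a single local map keyed by service (pattern, allowed list, doc URL) that each block reads, so that adding or removing an interval is a one-line change and the message cannot disagree with the regex.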
| for interval in v.backup_intervals : can(regex(local.postgresql_interval_pattern, interval)) | ||
| ]) | ||
| ]) | ||
| error_message = "Invalid backup interval for PostgreSQL flexible server: only P1W (weekly) is allowed. See https://learn.microsoft.com/en-us/azure/backup/backup-azure-database-postgresql-flex-support-matrix for details." |
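Review bot: the PR description says these interval changes were forced by an ARM update, and the PostgreSQL message here states that only P1W is accepted, yet the checklist marks "I have added tests that prove my change works" as unchecked. A test that feeds a previously valid value (for example a daily interval for a PostgreSQL flexible server) and asserts the validation now fails, plus one accepted value per service, would pin the new behaviour and catch the next ARM change before the CI build does.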
Description
Swap Trivy for Grype in CI pipeline.
Due to a recent update to Azure/ARM, this PR also introduces required fixes to the backup intervals supported by the module. These changes are required for the CI build to complete successfully.
Type of change
Please check the relevant options:
🔲 New feature (a change which adds functionality)
🔲 Bug fix (a change which fixes an issue)
🔲 Refactoring (code cleanup or optimisation)
🔲 Testing (new tests, or improvements to existing tests)
✅ Pipelines (changes to pipelines and workflows)
🔲 Documentation (changes to documentation)
🔲 Other (something that's not listed here - please explain)
Checklist
Please check the relevant options:
✅ My code aligns with the style of this project
🔲 I have added comments in hard to understand areas
🔲 I have added tests that prove my change works
🔲 I have updated the documentation
✅ If merging into main, I'm aware that the PR should be squash merged with a commit message that adheres to the semantic release format
Additional Information
n/a