From 5f3972f86daf29736c4140a9e231757a5bca0ebc Mon Sep 17 00:00:00 2001
From: Rolf Ahrenberg
Date: Fri, 22 Oct 2021 09:36:12 +0300
Subject: [PATCH] Add configurable timeout for Trivy scans (#15796)
Signed-off-by: Rolf Ahrenberg
---
 .../prepare/migrations/version_2_4_0/harbor.yml.jinja | 6 ++++++
 make/photon/prepare/templates/trivy-adapter/env.jinja | 1 +
 make/photon/prepare/utils/configs.py | 1 +
 3 files changed, 8 insertions(+)
diff --git a/make/photon/prepare/migrations/version_2_4_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_4_0/harbor.yml.jinja
index ac5393ef1..2b2ac793c 100644
--- a/make/photon/prepare/migrations/version_2_4_0/harbor.yml.jinja
+++ b/make/photon/prepare/migrations/version_2_4_0/harbor.yml.jinja
@@ -147,6 +147,12 @@ trivy:
 {% else %}
 ignore_unfixed: false
 {% endif %}
+ # timeout The duration to wait for scan completion
+ {% if trivy.timeout is defined %}
+ timeout: {{ trivy.timeout }}
+ {% else %}
+ timeout: 5m0s
+ {% endif %}
 # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
 #
 # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
diff --git a/make/photon/prepare/templates/trivy-adapter/env.jinja b/make/photon/prepare/templates/trivy-adapter/env.jinja
index da6b1cae6..99292f439 100644
--- a/make/photon/prepare/templates/trivy-adapter/env.jinja
+++ b/make/photon/prepare/templates/trivy-adapter/env.jinja
@@ -12,6 +12,7 @@ SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
 SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
 SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
 SCANNER_TRIVY_INSECURE={{trivy_insecure}}
+SCANNER_TRIVY_TIMEOUT={{trivy_timeout}}
 HTTP_PROXY={{trivy_http_proxy}}
 HTTPS_PROXY={{trivy_https_proxy}}
 NO_PROXY={{trivy_no_proxy}}
diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
index 58355e1ae..3b8506d46 100644
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@@ -221,6 +221,7 @@ def parse_yaml_config(config_file_path, with_notary, with_trivy, with_chartmuseu
 config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
 config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
 config_dict['trivy_insecure'] = trivy_configs.get("insecure") or False
+ config_dict['trivy_timeout'] = trivy_configs.get("timeout") or '5m0s'
 # Chart configs
 chart_configs = configs.get("chart") or {}
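Review bot: The added `config_dict['trivy_timeout'] = trivy_configs.get("timeout") or '5m0s'` line accepts any value from harbor.yml without a format check, and the env.jinja hunk then writes it verbatim as `SCANNER_TRIVY_TIMEOUT={{trivy_timeout}}`. The `5m0s` default suggests the adapter expects a Go-style duration string, so a bare number such as `timeout: 300` or a typo would presumably only fail once the scanner container starts or a scan runs, leaving images unscanned with no error from `prepare`. Consider rejecting malformed values at this point, for example `if not re.fullmatch(r'(\d+(\.\d+)?(ns|us|ms|s|m|h))+', str(config_dict['trivy_timeout'])): raise Exception('trivy.timeout must be a duration such as 5m0s')` (assuming `re` is available in this module), which also keeps unexpected characters out of the rendered env file. Note too that `or '5m0s'` silently turns an explicit `0` into the default, and the new `# timeout` comment in the harbor.yml.jinja hunk does not state the expected format. `parse_yaml_config` continues outside this hunk, so a validation step may already exist elsewhere in the prepare code.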