Install grype from my own server

Far higher reliability than github
2026-01-29 23:23:29 -05:00 · 2026-01-10 12:32:31 +05:30 · 2026-01-10 12:32:31 +05:30 · 9ffa9298bf
commit 9ffa9298bf
parent df1313e4be
1 changed files with 7 additions and 18 deletions
--- a/setup/unix-ci.py
+++ b/setup/unix-ci.py
@ -4,7 +4,7 @@

 import glob
 import io
-import json
+import lzma
 import os
 import shlex
 import subprocess
@ -167,23 +167,12 @@ def get_tx():
        tf.extract('tx', filter='fully_trusted')


-def install_grype() -> str:
-    dest = '/tmp'
-    rq = Request('https://api.github.com/repos/anchore/grype/releases/latest', headers={
-        'Accept': 'application/vnd.github.v3+json',
-    })
-    m = json.loads(download_with_retry(rq))
-    for asset in m['assets']:
-        if asset['name'].endswith('_linux_amd64.tar.gz'):
-            url = asset['browser_download_url']
-            break
-    else:
-        raise ValueError('Could not find linux binary for grype')
-    os.makedirs(dest, exist_ok=True)
-    data = download_with_retry(url)
-    with tarfile.open(fileobj=io.BytesIO(data), mode='r') as tf:
-        tf.extract('grype', path=dest, filter='fully_trusted')
-    exe = os.path.join(dest, 'grype')
+def install_grype(exe: str = '/tmp/grype') -> str:
+    raw = download_with_retry('https://download.calibre-ebook.com/ci/grype.xz')
+    raw = lzma.decompress(raw)
+    with open(exe, 'wb') as f:
+        f.write(raw)
+        os.fchmod(f.fileno(), 0o755)
    subprocess.check_call([exe, 'db', 'update'])
    return exe