From 26a3c1ff91586d9022dc1ee8306aaa23a9f5915d Mon Sep 17 00:00:00 2001
From: Artem Sorokin <38620398+seemewalkin@users.noreply.github.com>
Date: Mon, 1 Sep 2025 16:56:14 +0200
Subject: [PATCH] ci: Add retry to docker pull to allow for manifest to
 propagate in release job (#19063)

---
 .github/workflows/security-trivy-scan-callable.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/security-trivy-scan-callable.yml b/.github/workflows/security-trivy-scan-callable.yml
index cce2253cea..ee17544fb1 100644
--- a/.github/workflows/security-trivy-scan-callable.yml
+++ b/.github/workflows/security-trivy-scan-callable.yml
@@ -29,6 +29,13 @@ jobs:
     name: Security - Scan Docker Image With Trivy
     runs-on: ubuntu-latest
     steps:
+      - name: Pull Docker image with retry
+        run: |
+          for i in {1..4}; do
+            docker pull "${{ inputs.image_ref }}" && break
+            [ "$i" -lt 4 ] && echo "Retry $i failed, waiting..." && sleep 15
+          done
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         id: trivy_scan