From cdb9d8d5f5fa9050f9978cdac4fee31ee0de42d3 Mon Sep 17 00:00:00 2001
From: Rob Vesse <rob.vesse@telicent.io>
Date: Mon, 14 Oct 2024 11:11:16 +0100
Subject: [PATCH] fix: Avoid repeat installs (#6)

This commit adds tracking and detection of when the current job has
already called setup-trivy (whether directly/indirectly) and avoids
repeatedly installing it once it has been installed
---
 action.yaml | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/action.yaml b/action.yaml
index 7d6fac6..718decf 100644
--- a/action.yaml
+++ b/action.yaml
@@ -19,21 +19,33 @@ inputs:
 runs:
   using: 'composite'
   steps:
+    - name: Check is Trivy already installed?
+      id: check
+      shell: bash
+      run: |
+        if [ "$TRIVY_INSTALLED" == "${{ inputs.version }}-${{ inputs.path }}" ]; then
+          echo "Trivy '${{ inputs.version }}' has already been installed by the current job, skipping reinstalling it again"
+          echo "installed=true" >> $GITHUB_OUTPUT
+        else
+          echo "installed=false" >> $GITHUB_OUTPUT
+        fi
+
     - name: Binary dir
+      if: ${{ steps.check.outputs.installed == 'false' }}
       id: binary-dir
       shell: bash
       run: echo "dir=${{ inputs.path }}/trivy-bin" >> $GITHUB_OUTPUT
 
     ## Don't cache `latest` version
     - name: Check the version for caching
-      if: ${{ inputs.cache == 'true' && inputs.version == 'latest' }}
+      if: ${{ steps.check.outputs.installed == 'false' && inputs.cache == 'true' && inputs.version == 'latest' }}
       shell: bash
       run: |
         echo "'setup-trivy' doesn't currently support caching the 'latest' version"
         echo "read https://github.com/aquasecurity/setup-trivy?tab=readme-ov-file#caching for more details"
 
     - name: Restore Trivy binary from cache
-      if: ${{ inputs.cache == 'true' && inputs.version != 'latest' }}
+      if: ${{ steps.check.outputs.installed == 'false' && inputs.cache == 'true' && inputs.version != 'latest' }}
       id: cache
       uses: actions/cache@v4
       with:
@@ -41,7 +53,7 @@ runs:
         key: trivy-binary-${{ inputs.version }}-${{ runner.os }}-${{ runner.arch }}
 
     - name: Checkout install script
-      if: steps.cache.outputs.cache-hit != 'true'
+      if: ${{ steps.check.outputs.installed == 'false' && steps.cache.outputs.cache-hit != 'true' }}
       uses: actions/checkout@v4
       with:
         repository: aquasecurity/trivy
@@ -52,7 +64,7 @@ runs:
         fetch-depth: 1
 
     - name: Install Trivy
-      if: steps.cache.outputs.cache-hit != 'true'
+      if: ${{ steps.check.outputs.installed == 'false' && steps.cache.outputs.cache-hit != 'true' }}
       shell: bash
       run: |
         echo "installing Trivy binary"
@@ -60,5 +72,11 @@ runs:
 
     ## Add the Trivy binary, retrieved from cache or installed by a script, to $GITHUB_PATH
     - name: Add Trivy binary to $GITHUB_PATH
+      if: ${{ steps.check.outputs.installed == 'false' }}
       shell: bash
       run: echo ${{ steps.binary-dir.outputs.dir }} >> $GITHUB_PATH
+
+    - name: Set Env Var to indicate Trivy is "'setup-trivy'
+      if: ${{ steps.check.outputs.installed == 'false' }}
+      shell: bash
+      run: echo "TRIVY_INSTALLED=${{ inputs.version}}-${{ inputs.path}}" >> $GITHUB_ENV