📌 Pin trivy-action to 0.24.0

To resolve the file path errors, see also aquasecurity/trivy-action#404
open-formulieren · Oct 11, 2024 · 38930d7 · 38930d7
1 parent 5f3b316
commit 38930d7
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -421,8 +421,21 @@ jobs:
         with:
           name: docker-image-all-extensions-${{ needs.docker_build_setup.outputs.version }}
 
+      # NOTE: when we can ugprade to newer action versions (see
+      # aquasecurity/trivy-action#404), this should be obsolete and can be removed.
+      # This requires to trivy.yml cronjob to have run successfully.
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+      - name: Restore caches
+        uses: actions/cache/restore@v4
+        with:
+          path: ${{ github.workspace }}/.cache/trivy
+          key: cache-trivy-${{ steps.date.outputs.date }}
+
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           input: /github/workspace/image.tar  # from download-artifact
           format: 'sarif'