From c00223cb2e1c748c35ec14b6efeb953cedbb2a96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?=
Date: Fri, 28 Jun 2024 18:12:23 +0200
Subject: [PATCH] fix code scan with podman socket
---
 .github/workflows/notebook_controller_integration_test.yaml | 2 ++
 .../workflows/odh_notebook_controller_integration_test.yaml | 2 ++
 testing/gha_run_trivy_scan.sh | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/notebook_controller_integration_test.yaml b/.github/workflows/notebook_controller_integration_test.yaml
index 9ad3dc6c7bc..8ec8917aee2 100644
--- a/.github/workflows/notebook_controller_integration_test.yaml
+++ b/.github/workflows/notebook_controller_integration_test.yaml
@@ -40,6 +40,8 @@ jobs:
 systemctl --user daemon-reload
 systemctl --user start podman.socket
+ echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
+
 - name: Login to GitHub Container Registry
 uses: docker/login-action@v3
 with:
diff --git a/.github/workflows/odh_notebook_controller_integration_test.yaml b/.github/workflows/odh_notebook_controller_integration_test.yaml
index e2ce42d338a..f2e33aa6057 100644
--- a/.github/workflows/odh_notebook_controller_integration_test.yaml
+++ b/.github/workflows/odh_notebook_controller_integration_test.yaml
@@ -41,6 +41,8 @@ jobs:
 systemctl --user daemon-reload
 systemctl --user start podman.socket
+ echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
+
 - name: Login to GitHub Container Registry
 uses: docker/login-action@v3
 with:
diff --git a/testing/gha_run_trivy_scan.sh b/testing/gha_run_trivy_scan.sh
index 66f4f275549..8c996ccc851 100755
--- a/testing/gha_run_trivy_scan.sh
+++ b/testing/gha_run_trivy_scan.sh
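Review bot: The line `echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV` exports a hard-coded path without checking that `systemctl --user start podman.socket` actually created a socket there; the same applies to the identical hunk in odh_notebook_controller_integration_test.yaml. testing/gha_run_trivy_scan.sh later bind-mounts this value, so a wrong path would presumably show up only as a mount failure in the scan step. A `test -S "/run/user/${UID}/podman/podman.sock"` before the echo would fail the setup step instead, and the redirect target is better written `>> "$GITHUB_ENV"`. The step's `run:` block starts outside the hunk.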
@@ -74,11 +74,13 @@ EOF
 echo "[INFO] running Trivy ${TRIVY_VERSION}"
 podman run --rm \
+ -v ${PODMAN_SOCK}:/var/run/docker.sock \
 -v ${REPORT_FOLDER}:/report \
 docker.io/aquasec/trivy:${TRIVY_VERSION} \
 image \
 --scanners vuln,secret \
- --exit-code 0 --timeout 30m \
+ --exit-code 0 \
+ --timeout 30m \
 --severity CRITICAL,HIGH \
 --format template --template "@/report/$REPORT_TEMPLATE" -o /report/${REPORT_FILE} \
 ${IMAGE_NAME}
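Review bot: The added `-v ${PODMAN_SOCK}:/var/run/docker.sock` gives the Trivy container the runner user's whole podman API, while the image is still pulled by mutable tag (`docker.io/aquasec/trivy:${TRIVY_VERSION}`), so anything that tag resolves to can create containers and bind-mount whatever that user can read. Pinning the image by digest, or exporting the image with `podman save` and scanning the archive with `trivy image --input`, would narrow that exposure. The expansion is also unquoted and, as far as the hunk shows, unchecked: run outside the two workflows that export PODMAN_SOCK it becomes `-v :/var/run/docker.sock`. A guard before `podman run` such as `: "${PODMAN_SOCK:?PODMAN_SOCK must point at the podman socket}"` plus `-v "${PODMAN_SOCK}:/var/run/docker.sock"` fails early with a clear message; the script starts outside the hunk, so an earlier check may already exist.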