📌 Pin trivy-action to 0.24.0

sergei-maertens · sergei-maertens · commit 38930d707fbb · 2024-10-11T10:54:40.000+02:00
To resolve the file path errors, see also aquasecurity/trivy-action#404
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -421,8 +421,21 @@ jobs:
         with:
           name: docker-image-all-extensions-${{ needs.docker_build_setup.outputs.version }}
 
+      # NOTE: when we can ugprade to newer action versions (see
+      # aquasecurity/trivy-action#404), this should be obsolete and can be removed.
+      # This requires to trivy.yml cronjob to have run successfully.
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+      - name: Restore caches
+        uses: actions/cache/restore@v4
+        with:
+          path: ${{ github.workspace }}/.cache/trivy
+          key: cache-trivy-${{ steps.date.outputs.date }}
+
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           input: /github/workspace/image.tar  # from download-artifact
           format: 'sarif'
