chore: fix trivy

Signed-off-by: Bence Csati <[email protected]>
axoflow · Nov 21, 2024 · 32a38e2 · 32a38e2
1 parent cdd7314
commit 32a38e2
Showing 1 changed file with 3 additions and 14 deletions.
diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml
@@ -161,25 +161,14 @@ jobs:
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: artifacts-${{ inputs.distribution }}-${{ matrix.GOOS }}-${{ matrix.GOARCH }}
+          name: artifacts-${{ inputs.distribution }}
           path: distributions/${{ inputs.distribution }}/dist/**/*
           if-no-files-found: error
 
-      - name: Install jq
-        run: sudo apt-get install -y jq
-
-      - name: Extract Docker image with digest
-        id: image-with-digest
-        shell: bash
-        run: |
-         echo '${{ steps.goreleaser-action.outputs.artifacts }}' >> output-artifacts.json
-         DOCKER_IMAGE=$(jq -r '.[] | select(.type == "Docker Manifest" and (.path | test(":[0-9]+"))) | "\(.path)@\(.extra.Digest)"' ./output-artifacts.json)
-         echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT"
-
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.17.0
+        uses: aquasecurity/trivy-action@0.29.0
         with:
-          image-ref: ${{ steps.image-with-digest.outputs.DOCKER_IMAGE }}
+          image-ref: ghcr.io/axoflow/axoflow-otel-collector/axoflow-otel-collector:latest
           format: sarif
           output: trivy-results.sarif