From 43541db88d1e455ab09a2547d53fd8bfb41c1392 Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Tue, 30 Apr 2024 10:45:00 +0900
Subject: [PATCH] update to use runner.temp path
---
 .github/workflows/code_scan.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index 2e93d012d22..473f568ebde 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -26,20 +26,21 @@ jobs:
 - name: Install dependencies
 run: |
 pip install --require-hashes --no-deps -r requirements/gh-actions.txt
- pip-compile --extra=full -o /tmp/${{ github.sha }}/requirements.txt setup.py
+ mkdir -p ${{ runner.temp }}/${{ github.sha }}
+ pip-compile --extra=full -o ${{ runner.temp }}/${{ github.sha }}/requirements.txt setup.py
 - name: Trivy Scanning (CSV)
 uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
 with:
 trivy-config: ".ci/trivy-csv.yaml"
 scan-type: "fs"
- scan-ref: /tmp/${{ github.sha }}/
+ scan-ref: ${{ runner.temp }}/${{ github.sha }}/
 scanners: vuln,secret
 - name: Trivy Scanning (spdx.json)
 uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
 with:
 trivy-config: ".ci/trivy-json.yaml"
 scan-type: "fs"
- scan-ref: /tmp/${{ github.sha }}/
+ scan-ref: ${{ runner.temp }}/${{ github.sha }}/
 - name: Upload Trivy results artifact
 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
 with:
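Review bot: The added `run:` lines in the Install dependencies step splice `${{ runner.temp }}/${{ github.sha }}` into the shell script unquoted, so the step breaks if the runner's temp path contains spaces, which can happen on self-hosted runners. Assuming the step runs under bash, prefer the runner-provided variables with quoting: `mkdir -p "$RUNNER_TEMP/$GITHUB_SHA"` and `pip-compile --extra=full -o "$RUNNER_TEMP/$GITHUB_SHA/requirements.txt" setup.py`. That also keeps expression expansion out of the script body, a habit worth having even though these two values are not attacker-controlled. The same applies to the three added lines in the second hunk; the `scan-ref` inputs must stay as expressions, because `with:` values get no shell variable expansion. The job these steps belong to starts outside the hunk.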
@@ -57,8 +58,9 @@ jobs:
 - name: Install dependencies
 run: |
 pip install --require-hashes --no-deps -r requirements/gh-actions.txt
- pip-compile --generate-hashes -o /tmp/${{ github.sha }}/requirements.txt requirements/dev.txt
- pip install --require-hashes --no-deps -r /tmp/${{ github.sha }}/requirements.txt
+ mkdir -p ${{ runner.temp }}/${{ github.sha }}
+ pip-compile --generate-hashes -o ${{ runner.temp }}/${{ github.sha }}/requirements.txt requirements/dev.txt
+ pip install --require-hashes --no-deps -r ${{ runner.temp }}/${{ github.sha }}/requirements.txt
 rm /tmp/otx-dev-requirements.txt
 - name: Bandit Scanning
 run: tox -e bandit-scan
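Review bot: The unchanged line `rm /tmp/otx-dev-requirements.txt` still points at `/tmp` and names a file that nothing in this step writes, so it looks stale now that the compiled requirements live under `runner.temp`. If no earlier step (outside this hunk) creates that file, `rm` without `-f` exits non-zero, and under the default `bash -e` that would fail the step after the install has already succeeded. Either drop the line, since `runner.temp` is emptied at the end of each job, or make the cleanup target the new file and tolerate absence: `rm -f "$RUNNER_TEMP/$GITHUB_SHA/requirements.txt"`. On a shared self-hosted runner, leaving any dependence on a fixed `/tmp` path also keeps the predictable-path exposure this commit is otherwise removing.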