update trivy configuration to native cache support

zaphiro-technologies · Nov 12, 2024 · 6b70d8b · 6b70d8b
1 parent 0aa74ef
commit 6b70d8b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 34 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -144,16 +144,6 @@ jobs:
         id: extract_tag
         run: echo "::set-output name=tag::$(echo "${{ needs.build.outputs.tags }}" | head -n1)"
         ## To avoid the trivy-db becoming outdated, we save the cache for one day
-      - name: Get data
-        id: date
-        run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
-      - name: Restore trivy cache
-        uses: actions/cache@v4
-        with:
-          path: cache/db
-          key: trivy-cache-${{ steps.date.outputs.date }}
-          restore-keys:
-            trivy-cache-
       - name: Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -163,12 +153,6 @@ jobs:
           scanners: "vuln,secret,misconfig"
           exit-code: '1'
           severity: MEDIUM,HIGH,CRITICAL
-          cache-dir: "./cache"
         env:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-      ## Trivy-db uses `0600` permissions.
-      ## But `action/cache` use `runner` user by default
-      ## So we need to change the permissions before caching the database.
-      - name: change permissions for trivy.db
-        run: sudo chmod 0644 ./cache/db/trivy.db
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
@@ -246,17 +246,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        ## To avoid the trivy-db becoming outdated, we save the cache for one day
-      - name: Get data
-        id: date
-        run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
-      - name: Restore trivy cache
-        uses: actions/cache@v4
-        with:
-          path: cache/db
-          key: trivy-cache-${{ steps.date.outputs.date }}
-          restore-keys:
-            trivy-cache-
       - name: Run Trivy vulnerability scanner (for summary)
         uses: aquasecurity/trivy-action@master
         with:
@@ -266,7 +255,6 @@ jobs:
           scanners: "vuln,secret,misconfig"
           hide-progress: true
           output: trivy.txt
-          cache-dir: "./cache"
       - name: Publish Trivy Output to Summary
         run: |
           if [[ -s trivy.txt ]]; then
@@ -288,9 +276,5 @@ jobs:
           scanners: "vuln,secret,misconfig"
           exit-code: '1'
           severity: MEDIUM,HIGH,CRITICAL
-          cache-dir: "./cache"
-      ## Trivy-db uses `0600` permissions.
-      ## But `action/cache` use `runner` user by default
-      ## So we need to change the permissions before caching the database.
-      - name: change permissions for trivy.db
-        run: sudo chmod 0644 ./cache/db/trivy.db
+          # On a subsequent call to the action we know trivy is already installed so can skip this
+          skip-setup-trivy: true