From 6b70d8bf3f257e47cd1a8e7600b7c65a4a5f5f5c Mon Sep 17 00:00:00 2001
From: "Federico M. Facca" <federico.facca@zaphiro.ch>
Date: Tue, 12 Nov 2024 18:10:30 +0100
Subject: [PATCH] update trivy configuration to native cache support

---
 .github/workflows/docker.yaml | 16 ----------------
 .github/workflows/golang.yaml | 20 ++------------------
 2 files changed, 2 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 02a7f33..bebbe08 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -144,16 +144,6 @@ jobs:
         id: extract_tag
         run: echo "::set-output name=tag::$(echo "${{ needs.build.outputs.tags }}" | head -n1)"
         ## To avoid the trivy-db becoming outdated, we save the cache for one day
-      - name: Get data
-        id: date
-        run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
-      - name: Restore trivy cache
-        uses: actions/cache@v4
-        with:
-          path: cache/db
-          key: trivy-cache-${{ steps.date.outputs.date }}
-          restore-keys:
-            trivy-cache-
       - name: Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -163,12 +153,6 @@ jobs:
           scanners: "vuln,secret,misconfig"
           exit-code: '1'
           severity: MEDIUM,HIGH,CRITICAL
-          cache-dir: "./cache"
         env:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-      ## Trivy-db uses `0600` permissions.
-      ## But `action/cache` use `runner` user by default
-      ## So we need to change the permissions before caching the database.
-      - name: change permissions for trivy.db
-        run: sudo chmod 0644 ./cache/db/trivy.db
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
index 36f015a..81c8621 100644
--- a/.github/workflows/golang.yaml
+++ b/.github/workflows/golang.yaml
@@ -246,17 +246,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        ## To avoid the trivy-db becoming outdated, we save the cache for one day
-      - name: Get data
-        id: date
-        run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
-      - name: Restore trivy cache
-        uses: actions/cache@v4
-        with:
-          path: cache/db
-          key: trivy-cache-${{ steps.date.outputs.date }}
-          restore-keys:
-            trivy-cache-
       - name: Run Trivy vulnerability scanner (for summary)
         uses: aquasecurity/trivy-action@master
         with:
@@ -266,7 +255,6 @@ jobs:
           scanners: "vuln,secret,misconfig"
           hide-progress: true
           output: trivy.txt
-          cache-dir: "./cache"
       - name: Publish Trivy Output to Summary
         run: |
           if [[ -s trivy.txt ]]; then
@@ -288,9 +276,5 @@ jobs:
           scanners: "vuln,secret,misconfig"
           exit-code: '1'
           severity: MEDIUM,HIGH,CRITICAL
-          cache-dir: "./cache"
-      ## Trivy-db uses `0600` permissions.
-      ## But `action/cache` use `runner` user by default
-      ## So we need to change the permissions before caching the database.
-      - name: change permissions for trivy.db
-        run: sudo chmod 0644 ./cache/db/trivy.db
+          # On a subsequent call to the action we know trivy is already installed so can skip this
+          skip-setup-trivy: true