From 588d84d8a2c563e2a8279a95ab53fe178baca3d6 Mon Sep 17 00:00:00 2001
From: Ahmet Yildiz <36455837+aviatus@users.noreply.github.com>
Date: Wed, 17 Jul 2024 23:32:09 +0300
Subject: [PATCH] feat: use trivy github action (#1053)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Ahmet Enes Yildiz
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Co-authored-by: Ashna Mehrotra
---
 .github/workflows/test.yaml | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index dbb64bf3f7..0a30d19c77 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -155,14 +155,6 @@ jobs:
 - name: Get repo
 run: |
 echo "REPO=$(echo $GITHUB_REPOSITORY | awk '{print tolower($0)}')" >> $GITHUB_ENV
- - name: Download trivy
- run: |
- pushd $(mktemp -d)
- wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
- tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
- echo "$(pwd)" >> $GITHUB_PATH
- env:
- TRIVY_VERSION: "0.50.0"
 - name: Build eraser-manager
 run: |
@@ -176,14 +168,35 @@ jobs:
 - name: Build trivy scanner
 run: |
 make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test
+
 - name: Run trivy for remover
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/remover:test
+ uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
+ with:
+ image-ref: ${{ env.REGISTRY }}/remover:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for eraser-manager
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/${REPO}-manager:test
+ uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for collector
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/collector:test
+ uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
+ with:
+ image-ref: ${{ env.REGISTRY }}/collector:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for trivy-scanner
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/${REPO}-trivy-scanner:test
+ uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"