From 84c4949e233dc3f97db141dce4f8f74fb92e6c5a Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Tue, 1 Oct 2024 19:20:12 -0300
Subject: [PATCH] [CONFIG] [Github Actions] Docker flow, trivy issue workaround.

---
 .github/workflows/docker-image.yml | 40 +++++++++---------------------
 1 file changed, 12 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 3bc1bf0..95df260 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -159,7 +159,7 @@ jobs:
 with:
 sarif_file: 'snyk.sarif'
 scan:
- name: "Trivy (sarif)"
+ name: "Trivy"
 runs-on: ubuntu-latest
 needs: build
 permissions:
@@ -178,40 +178,24 @@ jobs:
 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
 docker image ls -a
 
- - name: Run Trivy vulnerability scanner
+ - name: Run Trivy vulnerability scanner (cli report)
+ uses: aquasecurity/trivy-action@0.24.0
+ with:
+ image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+ format: 'table'
+ env:
+ TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
+
+ - name: Run Trivy vulnerability scanner (sarif report)
 uses: aquasecurity/trivy-action@0.24.0
 with:
 image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
 format: 'sarif'
 output: 'trivy-results.sarif'
+ env:
+ TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
 
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- report:
- name: "Trivy (report)"
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Download artifact
- uses: actions/download-artifact@v4
- with:
- name: ${{ env.ARTIFACT_NAME }}_prod
- path: /tmp/
-
- - name: Load image
- run: |
- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
- docker image ls -a
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.24.0
- with:
- image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
- format: 'table'
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
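Review bot: Both new Trivy steps set `TRIVY_DB_REPOSITORY` from `vars.TRIVY_DB_REPOSITORY`, a repository variable whose value the diff does not show; an undefined repository variable expands to an empty string, so Trivy would most likely be handed an empty DB repository rather than falling back to its default, and because neither step sets `exit-code` the job can still finish green after a scan that produced no findings at all. That variable also decides which vulnerability database the SARIF upload is trusted against, so each `env:` deserves a comment naming the intended mirror and why the default is bypassed — the commit subject only says "workaround". A guard step ahead of the scans makes the dependency explicit and fails fast when the variable is empty, passing the value through `env:` rather than interpolating it into the shell line; the `scan` job's `steps:` list begins outside the hunk.

```yaml
      # … unchanged: Download artifact / Load image steps …

      - name: Verify Trivy DB repository is configured
        env:
          TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
        run: test -n "$TRIVY_DB_REPOSITORY" || { echo "::error::repository variable TRIVY_DB_REPOSITORY is not set"; exit 1; }

      # Overrides Trivy's default DB source; keep it pointed at a trusted mirror,
      # since the findings below are only as complete as this database.
      - name: Run Trivy vulnerability scanner (cli report)
      # … unchanged: remainder of both scanner steps and the SARIF upload …
```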