From 8819d489ae665fc84cf66111066c885815b5ce45 Mon Sep 17 00:00:00 2001 From: nepalevov <33350321+nepalevov@users.noreply.github.com> Date: Fri, 25 Oct 2024 19:50:55 +0200 Subject: [PATCH] chore: optimize Trivy scanning configuration (#102) * chore: optimize Trivy scanning configuration * chore: bump self dependencies --- .github/workflows/generic_docker_pr.yml | 2 +- .github/workflows/generic_docker_release.yml | 8 ++++---- .github/workflows/generic_docker_test.yml | 2 +- .github/workflows/java_pr.yml | 4 ++-- .github/workflows/java_release.yml | 10 +++++----- .github/workflows/java_test.yml | 6 +++--- .github/workflows/node_pr.yml | 2 +- .github/workflows/node_release.yml | 10 +++++----- .github/workflows/node_test.yml | 8 ++++---- .github/workflows/python_docker_pr.yml | 2 +- .github/workflows/python_docker_release.yml | 8 ++++---- .github/workflows/python_docker_test.yml | 6 +++--- .github/workflows/python_package_pr.yml | 2 +- .github/workflows/python_package_release.yml | 8 ++++---- .github/workflows/python_package_test.yml | 6 +++--- actions/build_docker/action.yml | 3 +++ 16 files changed, 45 insertions(+), 42 deletions(-) diff --git a/.github/workflows/generic_docker_pr.yml b/.github/workflows/generic_docker_pr.yml index a575dba..73e505d 100644 --- a/.github/workflows/generic_docker_pr.yml +++ b/.github/workflows/generic_docker_pr.yml @@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: image_name: ghcr.io/${{ env.IMAGE_NAME }} image_tag: test diff --git a/.github/workflows/generic_docker_release.yml b/.github/workflows/generic_docker_release.yml index 69566e0..93d4cbc 100644 --- a/.github/workflows/generic_docker_release.yml +++ b/.github/workflows/generic_docker_release.yml @@ -60,7 +60,7 @@ jobs: is_latest: ${{ steps.semantic_versioning.outputs.is_latest }} latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }} steps: - - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.3 + - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.4 id: semantic_versioning release: @@ -73,14 +73,14 @@ jobs: - calculate_version - test steps: - - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.3 + - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.4 with: latest_tag: ${{ needs.calculate_version.outputs.latest_tag }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true token: ${{ secrets.ACTIONS_BOT_TOKEN }} - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: ghcr_username: ${{ github.actor }} ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -97,7 +97,7 @@ jobs: ${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}} - - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.3 + - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.4 with: tag_version: ${{ needs.calculate_version.outputs.next_version }} changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify diff --git a/.github/workflows/generic_docker_test.yml b/.github/workflows/generic_docker_test.yml index 9348af5..8d7ab55 100644 --- a/.github/workflows/generic_docker_test.yml +++ b/.github/workflows/generic_docker_test.yml @@ -45,6 +45,6 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/ort@1.9.3 + - uses: epam/ai-dial-ci/actions/ort@1.9.4 with: bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }} diff --git a/.github/workflows/java_pr.yml b/.github/workflows/java_pr.yml index a4ceb2c..b666c8a 100644 --- a/.github/workflows/java_pr.yml +++ b/.github/workflows/java_pr.yml @@ -71,7 +71,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/java_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/java_prepare@1.9.4 with: java_version: ${{ inputs.java_version }} java_distribution: ${{ inputs.java_distribution }} @@ -83,7 +83,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: image_name: ghcr.io/${{ env.IMAGE_NAME }} image_tag: test diff --git a/.github/workflows/java_release.yml b/.github/workflows/java_release.yml index 7dc41ac..c59ff97 100644 --- a/.github/workflows/java_release.yml +++ b/.github/workflows/java_release.yml @@ -72,7 +72,7 @@ jobs: is_latest: ${{ steps.semantic_versioning.outputs.is_latest }} latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }} steps: - - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.3 + - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.4 id: semantic_versioning release: @@ -85,14 +85,14 @@ jobs: - calculate_version - test steps: - - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.3 + - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.4 with: latest_tag: ${{ needs.calculate_version.outputs.latest_tag }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true token: ${{ secrets.ACTIONS_BOT_TOKEN }} - - uses: epam/ai-dial-ci/actions/java_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/java_prepare@1.9.4 with: java_version: ${{ inputs.java_version }} java_distribution: ${{ inputs.java_distribution }} @@ -100,7 +100,7 @@ jobs: shell: bash run: | sed -i -E "s/^([ \t]*version[ \t]*=[ \t]*)[\"'].*[\"']/\1\"${{ needs.calculate_version.outputs.next_version }}\"/g" build.gradle - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: ghcr_username: ${{ github.actor }} ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -117,7 +117,7 @@ jobs: ${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}} - - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.3 + - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.4 with: tag_version: ${{ needs.calculate_version.outputs.next_version }} changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify diff --git a/.github/workflows/java_test.yml b/.github/workflows/java_test.yml index 3ec8a7d..4ad02ee 100644 --- a/.github/workflows/java_test.yml +++ b/.github/workflows/java_test.yml @@ -48,7 +48,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/java_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/java_prepare@1.9.4 with: java_version: ${{ inputs.java_version }} java_distribution: ${{ inputs.java_distribution }} @@ -65,7 +65,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/java_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/java_prepare@1.9.4 with: java_version: ${{ inputs.java_version }} java_distribution: ${{ inputs.java_distribution }} @@ -82,7 +82,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/ort@1.9.3 + - uses: epam/ai-dial-ci/actions/ort@1.9.4 with: bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }} cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=Gradle" diff --git a/.github/workflows/node_pr.yml b/.github/workflows/node_pr.yml index dfa7e0d..85e6a50 100644 --- a/.github/workflows/node_pr.yml +++ b/.github/workflows/node_pr.yml @@ -76,7 +76,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: image_name: ghcr.io/${{ env.IMAGE_NAME }} image_tag: test diff --git a/.github/workflows/node_release.yml b/.github/workflows/node_release.yml index e2c3793..bc81d64 100644 --- a/.github/workflows/node_release.yml +++ b/.github/workflows/node_release.yml @@ -81,7 +81,7 @@ jobs: is_latest: ${{ steps.semantic_versioning.outputs.is_latest }} latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }} steps: - - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.3 + - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.4 id: semantic_versioning release: @@ -94,14 +94,14 @@ jobs: - calculate_version - test steps: - - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.3 + - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.4 with: latest_tag: ${{ needs.calculate_version.outputs.latest_tag }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true token: ${{ secrets.ACTIONS_BOT_TOKEN }} - - uses: epam/ai-dial-ci/actions/node_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/node_prepare@1.9.4 with: node_version: ${{ inputs.node_version }} clean_install: true @@ -110,7 +110,7 @@ jobs: shell: bash run: | npm version ${{ needs.calculate_version.outputs.next_version }} --no-git-tag-version || true # upstream branch may already be updated - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: ghcr_username: ${{ github.actor }} ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -150,7 +150,7 @@ jobs: IS_LATEST: ${{ needs.calculate_version.outputs.is_latest == 'true' }} IS_DEVELOPMENT_BRANCH: ${{ github.ref == 'refs/heads/development' }} IS_RELEASE_BRANCH: ${{ startsWith(github.ref, 'refs/heads/release-') }} - - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.3 + - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.4 with: tag_version: ${{ needs.calculate_version.outputs.next_version }} changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify diff --git a/.github/workflows/node_test.yml b/.github/workflows/node_test.yml index 16aaa71..871c860 100644 --- a/.github/workflows/node_test.yml +++ b/.github/workflows/node_test.yml @@ -52,7 +52,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/node_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/node_prepare@1.9.4 with: node_version: ${{ inputs.node_version }} clean_install: "true" @@ -69,7 +69,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/node_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/node_prepare@1.9.4 with: node_version: ${{ inputs.node_version }} clean_install: "true" @@ -86,7 +86,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/node_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/node_prepare@1.9.4 with: node_version: ${{ inputs.node_version }} clean_install: "true" @@ -103,7 +103,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/ort@1.9.3 + - uses: epam/ai-dial-ci/actions/ort@1.9.4 with: bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }} cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=NPM" diff --git a/.github/workflows/python_docker_pr.yml b/.github/workflows/python_docker_pr.yml index 626e38d..23a6d77 100644 --- a/.github/workflows/python_docker_pr.yml +++ b/.github/workflows/python_docker_pr.yml @@ -66,7 +66,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: image_name: ghcr.io/${{ env.IMAGE_NAME }} image_tag: test diff --git a/.github/workflows/python_docker_release.yml b/.github/workflows/python_docker_release.yml index deda5dd..4d5a971 100644 --- a/.github/workflows/python_docker_release.yml +++ b/.github/workflows/python_docker_release.yml @@ -68,7 +68,7 @@ jobs: is_latest: ${{ steps.semantic_versioning.outputs.is_latest }} latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }} steps: - - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.3 + - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.4 id: semantic_versioning release: @@ -81,7 +81,7 @@ jobs: - calculate_version - test steps: - - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.3 + - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.4 with: latest_tag: ${{ needs.calculate_version.outputs.latest_tag }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 @@ -92,7 +92,7 @@ jobs: shell: bash run: | sed -i "s/^version = .*/version = \"${{ needs.calculate_version.outputs.non_semver_next_version }}\"/g" pyproject.toml - - uses: epam/ai-dial-ci/actions/build_docker@1.9.3 + - uses: epam/ai-dial-ci/actions/build_docker@1.9.4 with: ghcr_username: ${{ github.actor }} ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -109,7 +109,7 @@ jobs: ${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}} ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}} - - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.3 + - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.4 with: tag_version: ${{ needs.calculate_version.outputs.next_version }} changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify diff --git a/.github/workflows/python_docker_test.yml b/.github/workflows/python_docker_test.yml index f31d4ee..c812624 100644 --- a/.github/workflows/python_docker_test.yml +++ b/.github/workflows/python_docker_test.yml @@ -44,7 +44,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ inputs.python_version }} - name: Test @@ -60,7 +60,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ inputs.python_version }} - name: Test @@ -76,7 +76,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/ort@1.9.3 + - uses: epam/ai-dial-ci/actions/ort@1.9.4 with: bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }} cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=Poetry" diff --git a/.github/workflows/python_package_pr.yml b/.github/workflows/python_package_pr.yml index ced4a54..f764a37 100644 --- a/.github/workflows/python_package_pr.yml +++ b/.github/workflows/python_package_pr.yml @@ -73,7 +73,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ inputs.python_version }} - run: make build diff --git a/.github/workflows/python_package_release.yml b/.github/workflows/python_package_release.yml index df27e45..9c41b0f 100644 --- a/.github/workflows/python_package_release.yml +++ b/.github/workflows/python_package_release.yml @@ -70,7 +70,7 @@ jobs: non_semver_next_version: ${{ steps.semantic_versioning.outputs.non_semver_next_version }} latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }} steps: - - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.3 + - uses: epam/ai-dial-ci/actions/semantic_versioning@1.9.4 id: semantic_versioning release: @@ -83,14 +83,14 @@ jobs: - calculate_version - test steps: - - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.3 + - uses: epam/ai-dial-ci/actions/generate_release_notes@1.9.4 with: latest_tag: ${{ needs.calculate_version.outputs.latest_tag }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true token: ${{ secrets.ACTIONS_BOT_TOKEN }} - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ inputs.python_version }} - name: Set version @@ -104,7 +104,7 @@ jobs: make publish env: PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} - - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.3 + - uses: epam/ai-dial-ci/actions/publish_tag_release@1.9.4 with: tag_version: ${{ needs.calculate_version.outputs.non_semver_next_version }} changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify diff --git a/.github/workflows/python_package_test.yml b/.github/workflows/python_package_test.yml index cb71d7c..7878edf 100644 --- a/.github/workflows/python_package_test.yml +++ b/.github/workflows/python_package_test.yml @@ -68,7 +68,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ inputs.python_version }} - name: Test @@ -88,7 +88,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/python_prepare@1.9.3 + - uses: epam/ai-dial-ci/actions/python_prepare@1.9.4 with: python_version: ${{ matrix.python-version }} - name: Test @@ -107,7 +107,7 @@ jobs: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: lfs: true - - uses: epam/ai-dial-ci/actions/ort@1.9.3 + - uses: epam/ai-dial-ci/actions/ort@1.9.4 with: bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }} cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=Poetry" diff --git a/actions/build_docker/action.yml b/actions/build_docker/action.yml index ceb963b..7f0bef4 100644 --- a/actions/build_docker/action.yml +++ b/actions/build_docker/action.yml @@ -111,7 +111,10 @@ runs: vuln-type: ${{ inputs.scan_vuln_type }} severity: ${{ inputs.scan_severity }} limit-severities-for-sarif: true + skip-setup-trivy: true # We already have trivy installed just above env: + TRIVY_SKIP_DB_UPDATE: true # We already have the DB updated just above + TRIVY_SKIP_JAVA_DB_UPDATE: true # We already have the Java DB updated just above CONTINUE_ON_ERROR: ${{ inputs.bypass_checks }} # Hack to use the input below as a boolean continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }} - name: Upload Trivy scan results to GitHub Security tab