From 1546ea7f15e2df10516282988d75ba470bf726fe Mon Sep 17 00:00:00 2001
From: DaMandal0rian <3614052+DaMandal0rian@users.noreply.github.com>
Date: Thu, 22 Feb 2024 12:33:30 +0000
Subject: [PATCH] image dispatched from snapshot workflow for trivy image scan (#2542)
* use image dispatched from snapshot workflow
* remove unused matrix and refine the image value passed in dispatch
---
 .github/workflows/snapshot-build.yml | 2 +-
 .github/workflows/trivy-security-scan.yml | 10 ++--------
 2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/snapshot-build.yml b/.github/workflows/snapshot-build.yml
index 95c9d5e638..a22152eb1e 100644
--- a/.github/workflows/snapshot-build.yml
+++ b/.github/workflows/snapshot-build.yml
@@ -86,7 +86,7 @@ jobs:
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 event-type: trivy-scan-dispatch
- client-payload: '{"sha": "${{ github.sha }}"}'
+ client-payload: '{"image": "ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:sha-${{ github.sha }}"}'
 executables:
 strategy:
diff --git a/.github/workflows/trivy-security-scan.yml b/.github/workflows/trivy-security-scan.yml
index e96accedfb..2f006a671e 100644
--- a/.github/workflows/trivy-security-scan.yml
+++ b/.github/workflows/trivy-security-scan.yml
@@ -17,7 +17,7 @@ jobs:
 steps:
 - name: Check Docker image availability with retry
 run: |
- image="ghcr.io/${{ github.repository_owner }}/${{ github.event.client_payload.image }}:${{ github.event.client_payload.sha }}"
+ image="${{ github.event.client_payload.image }}"
 timeout=900 # Timeout in seconds (15 minutes)
 interval=300 # Interval between retries in seconds (5 minutes)
 retry_limit=5 # Number of retries
@@ -43,12 +43,6 @@ jobs:
 needs: wait-for-image
 if: needs.wait-for-image.outputs.image-available == 'true'
 runs-on: ubuntu-latest
- strategy:
- matrix:
- image:
- farmer
- node
- bootstrap-node
 steps:
 - name: Checkout code
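Review bot: The new `client-payload` line builds its JSON body by interpolating `matrix.image` and `github.sha` into a hand-written single-quoted literal, and nothing in the hunk records that the receiving workflow now depends on that exact `{"image": ...}` shape rather than the old `{"sha": ...}` one. That is fine while the matrix holds plain image names, but a value containing `"` or `\` would yield invalid JSON and a failed dispatch, and the coupling is invisible to whoever edits either file next. A one-line comment above the line would make the contract explicit, e.g. `# payload contract with trivy-security-scan.yml: {"image": "<full image reference incl. tag>"}`. The dispatch step's `uses:` and the enclosing matrix job start outside this hunk.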
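Review bot: The added line `image="${{ github.event.client_payload.image }}"` substitutes a dispatch payload value into the `run:` script text before bash parses it, so a payload such as `"; <command>; "` executes as shell in this job; the removed line had the same expansion but kept the `ghcr.io/<owner>/` prefix fixed, whereas the payload now supplies the whole reference. Sending a `repository_dispatch` already requires write access to the repository, so this is defence in depth rather than a remote hole, but the safer shape costs nothing: set `env: IMAGE: ${{ github.event.client_payload.image }}` on the step and read it as `image="$IMAGE"` in the script, which keeps the value out of the command text. Whether the workflow's trigger is limited to the `trivy-scan-dispatch` event cannot be seen from this hunk, and the retry loop that consumes `timeout`, `interval` and `retry_limit` continues below it.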
@@ -57,7 +51,7 @@ jobs:
 - name: Run Trivy vulnerability scanner on image
 uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # @v0.16.1
 with:
- image-ref: ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:sha-${{ github.event.client_payload.sha }}
+ image-ref: ${{ github.event.client_payload.image }}
 format: "sarif"
 output: "trivy-results.sarif"
 exit-code: "1"
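Review bot: `image-ref: ${{ github.event.client_payload.image }}` now takes whatever string the dispatch payload carries, so nothing in this job ties the scanned image to the `ghcr.io/<owner>/` namespace the removed line hard-coded; the scanner will pull and report on any reference the sender names. If the intent is to scan only images this project publishes, gate the step on the expected prefix, e.g. `if: startsWith(github.event.client_payload.image, format('ghcr.io/{0}/', github.repository_owner))`, or fail the job in an earlier step when the prefix does not match. What happens to `trivy-results.sarif` after `exit-code: "1"` is outside this hunk.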