From ecbd312e635dd133a3f62cab0f6bb51fda58152f Mon Sep 17 00:00:00 2001
From: Dave Henderson
Date: Fri, 10 May 2024 20:22:10 +0100
Subject: build: attempt to fix trivy action config (#2061)
* build: attempt to fix trivy action config
Signed-off-by: Dave Henderson
* build: remove cc-test-reporter call
Signed-off-by: Dave Henderson
---------
Signed-off-by: Dave Henderson
---
 .github/workflows/build.yml | 14 +-------------
 .github/workflows/image-scan.yml | 9 +++++++--
 2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 20eff105..fe971c0f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -25,19 +25,7 @@ jobs:
 with:
 name: gomplate
 path: bin/gomplate
- - name: make test
- run: |
- [ -n "$CC_TEST_REPORTER_ID" ] && cc-test-reporter before-build
- make test
- EXIT_CODE=$?
-
- if [ -n "$CC_TEST_REPORTER_ID" ]; then
- # workaround from https://github.com/codeclimate/test-reporter/issues/378
- export PREFIX=$(go list -m)
- cc-test-reporter after-build -t gocov -p $PREFIX --exit-code $EXIT_CODE
- fi
- env:
- CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+ - run: make test
 - run: make integration
 windows-build:
 runs-on: windows-latest
diff --git a/.github/workflows/image-scan.yml b/.github/workflows/image-scan.yml
index 0de16618..78a4f2a3 100644
--- a/.github/workflows/image-scan.yml
+++ b/.github/workflows/image-scan.yml
@@ -34,10 +34,15 @@ jobs:
 image-ref: gomplate
 format: sarif
 output: trivy-results.sarif
- exit-code: 1
+ # exit-code: 1
 ignore-unfixed: true
 vuln-type: os,library
- severity: CRITICAL,HIGH
+ # The SARIF format ignores severity and uploads all vulnerabilities for
+ # later triage. The table-format step above is used to fail the build if
+ # there are any critical or high vulnerabilities.
+ # See https://github.com/aquasecurity/trivy-action/issues/95
+ # severity: 'CRITICAL,HIGH'
+ trivyignores: .trivyignore
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
--
cgit v1.2.3
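Review bot: With `exit-code` commented out on the SARIF step, the only gate on CRITICAL/HIGH findings is the table-format step that the new comment says runs above it, and when that step fails the job, later steps are skipped by default, so this scan and the `upload-sarif` step would not run on exactly the builds that found something. The table step and any `if:` conditions on these steps are outside the hunk, so this is inferred; if they have no condition, add `if: always()` to both the SARIF scan and the upload step. It is also worth checking that the table step carries the same `ignore-unfixed: true` and `trivyignores: .trivyignore`, otherwise the gate and the uploaded report will disagree about what is suppressed. Finally, delete the commented-out `# exit-code: 1` and `# severity: 'CRITICAL,HIGH'` keys and keep only the explanatory comment, since disabled keys next to live ones are easy to misread as active settings.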