fix(sca): grype db should be downloaded at least daily (#324)

In case in a repo we are not over the 10GB limit for GitHub actions cache
the database never gets updated.

This patch makes sure to use a cache key that is day specific to force one
fetch per day.

Author: turip

security-actions/sca/action.yml

@@ -162,15 +162,21 @@ runs:
       env:
         grype: ${{ steps.grype.outputs.grype-path }}
 
+    - name: Get current date
+      id: date
+      shell: bash
+      run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
     # Explicitly check for Grype DB in Git Cache
     - name: Check Git Cache for Grype DB
       id: grype_db_git_cache
       uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
       with:
         # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS
         path: ~/.cache/grype/db
+        # Given the DB should not be less than 5 days old let's refetch it at least once per day
         key: |
-          cache_grype_db_v${{ steps.grype_metadata.outputs.grype_db_schema }}
+          cache_grype_db_v${{ steps.grype_metadata.outputs.grype_db_schema }}_${{ steps.date.outputs.date }}
 
      # Explicitly check for Grype DB in specified mirror
     - name: Parse Grype DB cache input
@@ -334,4 +340,4 @@ runs:
         severity-cutoff: ${{ steps.meta.outputs.global_severity_cutoff }}
         grype-version: ${{ steps.grype_install.outputs.grype_version }}
       env:
-        GRYPE_DB_AUTO_UPDATE: false # Use grype db cache from grype step above
+        GRYPE_DB_AUTO_UPDATE: false # Use grype db cache from grype step above