OBaaS Image - remove restricted action (#796)

gotsysdba · web-flow · commit 989a30b419b0 · 2023-12-01T15:12:18.000Z
* Add workflow

* Update obaas-base-image.yml

Change usage to comply with action restrictions
diff --git a/.github/workflows/obaas-base-image.yml b/.github/workflows/obaas-base-image.yml
@@ -44,14 +44,14 @@ jobs:
       - name: Run Trivy Vulnerability Scanner
         id: trivy_scan
         if: env.latest_digest != ''
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ghcr.io/${{ github.repository_owner }}/${{ env.dst_img }}:latest
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_DEFAULT: "--format table --ignore-unfixed --exit-code 1"
+          TRIVY_SCAN: "--severity CRITICAL,HIGH --vuln-type os,library"
+        run: >
+          docker run --rm ghcr.io/aquasecurity/trivy:latest image $TRIVY_DEFAULT $TRIVY_SCAN
+          --username ${{ github.actor }}
+          --password ${{ secrets.GITHUB_TOKEN }}
+          ghcr.io/${{ github.repository_owner }}/${{ env.dst_img }}:latest
         continue-on-error: true
 
       - name: Update Existing Image
