.github/workflows/trivy-scan.yml

name: Trivy Vulnerability Scan (Repo mode)

on:
  workflow_dispatch:

jobs:
  run_trivy_scan:
    name: Run Trivy Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Build
        run: |
          ./gradlew clean build -x integrationTest -x test
          curdir=$(pwd)
          echo "*** BONO curdir = $curdir"
          mkdir $curdir/maven-repo-local
          echo "*** BONO created..."
          mrl=$(ls $curdir/maven-repo-local)
          echo $mrl
          ./gradlew --info -Dmaven.repo.local=$curdir/maven-repo-local pTML
          echo "*** BONO after pTML..."
          mrl=$(ls $curdir/maven-repo-local)
          echo $mrl
      - name: Run Trivy scan in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '/github/workspace/maven-repo-local/org/springframework/pulsar'
          trivy-config: trivy.yaml
          format: 'table'
          exit-code: 0
      - name: Upload Trivy scan results
        uses: actions/upload-artifact@v3
        with:
          name: trivy-results
          path: /home/runner/work/spring-pulsar/spring-pulsar/trivy-results.txt'
          retention-days: 3