Merge pull request #4 from TerabyteTribune/fork-actions

Morpheus636 · web-flow · commit be49d5409db7 · 2023-12-30T17:57:47.000-05:00
do not run trivy in fork
diff --git a/.github/workflows/fork-build.yml b/.github/workflows/fork-build.yml
@@ -35,19 +35,19 @@ jobs:
           docker-compose -f docker-compose.test.yml up -d wordpress
           docker-compose -f docker-compose.test.yml run sut
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-results.sarif"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule')
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: "trivy-results.sarif"
+#      - name: Run Trivy vulnerability scanner
+#        uses: aquasecurity/trivy-action@master
+#        with:
+#          image-ref: "${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
+#          format: "template"
+#          template: "@/contrib/sarif.tpl"
+#          output: "trivy-results.sarif"
+#
+#      - name: Upload Trivy scan results to GitHub Security tab
+#        if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule')
+#        uses: github/codeql-action/upload-sarif@v1
+#        with:
+#          sarif_file: "trivy-results.sarif"
 
       - name: Login to Docker Hub
         if: (github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule' )) || contains(github.ref, 'refs/tags/')
