Update Trivy (#6)

* test trivy

* no branch

* Add if for GHA

* check trivy

.github/workflows/deploy.yml

@@ -52,7 +52,7 @@ jobs:
           tags: |
             type=raw,value=latest
             type=semver,prefix=v,pattern={{version}}
-            type=semver,prefix=v,pattern={{major}}
+            type=semver,prefix=v,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
             type=semver,prefix=v,pattern={{major}}.{{minor}}
 
       - name: Container - Build & Push

.github/workflows/trivy.yml

@@ -27,20 +27,20 @@ jobs:
 
       - name: Container - Scan - Upload results
         uses: github/codeql-action/upload-sarif@v1
-        if: ${{ failure() }} && github.event_name == 'schedule'
+        if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
         with:
           sarif_file: "trivy-results.sarif"
 
       - name: Jira Login
-        if: ${{ failure() }} && github.event_name == 'schedule'
+        if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
         uses: atlassian/gajira-login@master
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
           JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
 
       - name: Jira Issue
-        if: ${{ failure() }} && github.event_name == 'schedule'
+        if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
         uses: atlassian/gajira-create@master
         with:
           project: ${{ secrets.JIRA_TRIVY_PROJECT }}

.gitignore

@@ -0,0 +1 @@
+trivy-results.sarif

Dockerfile

@@ -3,7 +3,7 @@ FROM adoptopenjdk/openjdk11:jre-11.0.11_9-alpine@sha256:c069efc08cd8898458087ced
 WORKDIR /opt/docker/bin
 EXPOSE 9000
 
-RUN apk --update-cache upgrade;\
+RUN apk --update-cache upgrade; \
     apk add bash; \
     rm -rf /var/cache/apk/*