From e3b1a93af11cfd03f9fb43286761ac10b83ddd43 Mon Sep 17 00:00:00 2001
From: Piotr Perzyna
Date: Wed, 11 Aug 2021 11:42:22 +0200
Subject: [PATCH] Update Trivy (#6)
* test trivy
* no branch
* Add if for GHA
* check trivy
---
 .github/workflows/deploy.yml | 2 +-
 .github/workflows/trivy.yml | 6 +++---
 .gitignore | 1 +
 Dockerfile | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 .gitignore
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 0c2b63b..e4f95e4 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -52,7 +52,7 @@ jobs:
 tags: |
 type=raw,value=latest
 type=semver,prefix=v,pattern={{version}}
- type=semver,prefix=v,pattern={{major}}
+ type=semver,prefix=v,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
 type=semver,prefix=v,pattern={{major}}.{{minor}}
 - name: Container - Build & Push
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index e486df1..df89b5b 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -27,12 +27,12 @@ jobs:
 - name: Container - Scan - Upload results
 uses: github/codeql-action/upload-sarif@v1
- if: ${{ failure() }} && github.event_name == 'schedule'
+ if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
 with:
 sarif_file: "trivy-results.sarif"
 - name: Jira Login
- if: ${{ failure() }} && github.event_name == 'schedule'
+ if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
 uses: atlassian/gajira-login@master
 env:
 JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
@@ -40,7 +40,7 @@ jobs:
 JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
 - name: Jira Issue
- if: ${{ failure() }} && github.event_name == 'schedule'
+ if: ${{ failure() && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}
 uses: atlassian/gajira-create@master
 with:
 project: ${{ secrets.JIRA_TRIVY_PROJECT }}
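Review bot: The new `enable=` clause on the `{{major}}` tag rule carries no explanation, and the reason for excluding `refs/tags/v0.` is not evident from the expression alone. A YAML comment above the `tags:` key would cover it, for example `# no floating major tag for 0.x releases: a v0 tag would move across breaking changes`; that rationale is my reading of the condition, so adjust it to the actual intent. Keep the comment outside the `tags: |` block scalar, because every line inside the scalar is handed to the action as part of the input value. The step this rule belongs to starts above the hunk.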
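Review bot: `failure()` in the new `if:` on the upload step is true when any earlier step in the job failed, not only the Trivy scan, so a failed checkout or image build would also reach `upload-sarif` (probably with no `trivy-results.sarif` on disk) and go on to open a Jira issue. Giving the scan step an `id` and adding its outcome to the expression narrows this: `if: ${{ failure() && steps.<scan-step-id>.outcome == 'failure' && github.event_name == 'schedule' && github.ref == 'refs/heads/main' }}`, where the id is a placeholder because the scan step is presumably above the hunk; `failure()` has to stay, otherwise the implicit `success()` check applies. The same holds for the `Jira Login` condition here and the `Jira Issue` condition in the next hunk. It is also worth confirming that skipping the upload on clean runs is intended, since code scanning marks an alert as fixed only after a later upload no longer contains it.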
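Review bot: The corrected `if:` on `Jira Issue` now decides when `atlassian/gajira-create@master` runs, and `@master` is a mutable ref, so whatever is on that branch at run time executes in a job whose login step is given `secrets.JIRA_API_TOKEN`. The `uses:` lines are unchanged context, but pinning them while these steps are being touched would close that gap: `uses: atlassian/gajira-create@<full-commit-sha>`, and likewise for `atlassian/gajira-login@master` in the previous hunk. A trailing comment naming the release the SHA corresponds to keeps the pin readable.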
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ec7e569
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+trivy-results.sarif
diff --git a/Dockerfile b/Dockerfile
index 1f07bea..6dedad5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM adoptopenjdk/openjdk11:jre-11.0.11_9-alpine@sha256:c069efc08cd8898458087ced
 WORKDIR /opt/docker/bin
 EXPOSE 9000
-RUN apk --update-cache upgrade;\
+RUN apk --update-cache upgrade; \
 apk add bash; \
 rm -rf /var/cache/apk/*