From aa3c5fbf1fc6c311ebea7331a3cc1a34796f4abf Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sat, 31 May 2025 10:56:31 +0100
Subject: [PATCH] fix(ci): manually config Trivy
---
 .gitea/workflows/ci.yml | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 99c93c7..753800e 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -70,9 +70,16 @@ jobs:
 # command: snyk
 # args: test --all-projects
 
- - name: Trivy Vulnerability Scan
- uses: aquasecurity/trivy-action@0.30.0
+ - name: Manual Trivy Setup
+ uses: aquasecurity/setup-trivy@v0.2.0
 with:
+ cache: true
+ version: v0.61.1
+
+ - name: Trivy Vulnerability Scan
+ uses: aquasecurity/trivy-action@master
+ with:
+ skip-setup-trivy: true
 scan-type: "fs"
 scan-ref: "${{ gitea.workspace }}"
 exit-code: "1"
@@ -80,3 +87,15 @@ jobs:
 format: "table"
 severity: "CRITICAL,HIGH,MEDIUM"
 scanners: "vuln,secret,misconfig,license"
+
+ # - name: Trivy Vulnerability Scan (Docker)
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # skip-setup-trivy: true
+ # image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
+ # format: "table"
+ # exit-code: "1"
+ # ignore-unfixed: true
+ # vuln-type: 'os,library'
+ # severity: "CRITICAL,HIGH,MEDIUM"
+
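Review bot: The scan step now runs `uses: aquasecurity/trivy-action@master`, a mutable branch ref, where the removed line pinned release `0.30.0`, so whatever lands on that branch next runs in this job against the checked-out workspace. Pin it to an immutable ref such as `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>` (placeholder; take the SHA from a release you have reviewed), and ideally do the same for `aquasecurity/setup-trivy@v0.2.0`, since a tag can be moved as well. The commented-out Docker step in the second hunk carries the same `@master` ref and should be corrected before it is ever enabled. If `master` was chosen only because `skip-setup-trivy` was needed, a one-line comment above the step saying so would let the next maintainer re-pin; the job these steps belong to starts outside the hunk, so its permissions and secrets are not visible here.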