fix(ci): disable trivy-scan-repo

jsjoeio · jsjoeio · commit 510ff9c9f82f · 2021-05-11T10:26:04.000-07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -461,30 +461,30 @@ jobs:
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: "trivy-image-results.sarif"
-
   # We have to use two trivy jobs
   # because GitHub only allows
   # codeql/upload-sarif action per job
   trivy-scan-repo:
     runs-on: ubuntu-20.04
-
+    # NOTE@jsjoeio 5/10/2021
+    # Disabling until fixed upstream
+    # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
+    if: "1 == 2"
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
-        with:
-          scan-type: "fs"
-          scan-ref: "."
-          ignore-unfixed: true
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-repo-results.sarif"
-          severity: "HIGH,CRITICAL"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: "trivy-repo-results.sarif"
+  Commit SHA for v0.0.14
+    uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+    with:
+      scan-type: "fs"
+      scan-ref: "."
+      ignore-unfixed: true
+      format: "template"
+      template: "@/contrib/sarif.tpl"
+      output: "trivy-repo-results.sarif"
+      severity: "HIGH,CRITICAL"
+  - name: Upload Trivy scan results to GitHub Security tab
+    uses: github/codeql-action/upload-sarif@v1
+    with:
+      sarif_file: "trivy-repo-results.sarif"
