From 113751ef80292ce9689d386e13b2251bc6ec7b3f Mon Sep 17 00:00:00 2001
From: Maksim Nabokikh
Date: Thu, 31 Oct 2024 13:01:46 +0100
Subject: [PATCH] Fix trivydb TOOMANYREQUESTS error (#3819)
Signed-off-by: maksim.nabokikh
---
 .github/workflows/artifacts.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index b9ed33fc1a..54e9644585 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -192,12 +192,35 @@ jobs:
 push-to-registry: true
 if: inputs.publish
 
+ ## Use cache for the trivy-db to avoid the TOOMANYREQUESTS error https://github.com/aquasecurity/trivy-action/pull/397
+ ## To avoid the trivy-db becoming outdated, we save the cache for one day
+ - name: Get data
+ id: date
+ run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
+
+ - name: Restore trivy cache
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # 4.1.2
+ with:
+ path: cache/db
+ key: trivy-cache-${{ steps.date.outputs.date }}
+ restore-keys:
+ trivy-cache-
+
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
 with:
 input: image
 format: sarif
 output: trivy-results.sarif
+ scan-type: 'fs'
+ scan-ref: '.'
+ cache-dir: "./cache"
+
+ ## Trivy-db uses `0600` permissions.
+ ## But `action/cache` use `runner` user by default
+ ## So we need to change the permissions before caching the database.
+ - name: change permissions for trivy.db
+ run: sudo chmod 0644 ./cache/db/trivy.db
 
 - name: Upload Trivy scan results as artifact
 uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
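Review bot: The added `scan-type: 'fs'` and `scan-ref: '.'` sit beside the existing `input: image` in the "Run Trivy vulnerability scanner" step, so the step now requests a filesystem scan of the checkout while still naming an image archive. As far as trivy-action's inputs go, this likely means the built image and its OS packages are no longer scanned, a silent loss of coverage in a commit described only as a rate-limit fix. If the image scan is still wanted, drop those two lines and keep only `cache-dir: "./cache"`; if the switch is deliberate, remove `input: image` and state the change in the commit message. Separately, `sudo chmod 0644 ./cache/db/trivy.db` fails the job when that file is absent and leaves any other file under `cache/db` with its original mode, and the step named `Get data` presumably should read `Get date`. The job's step list starts before and continues past this hunk, so how `image` is produced and how the SARIF file is consumed are not visible here.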