From d2377317480e1bcb3cae71575bc012a58d11b42d Mon Sep 17 00:00:00 2001 From: Aishling Cooke Date: Tue, 23 Jul 2024 15:55:13 +0200 Subject: [PATCH 1/4] DDS-2019: Remove branches keyword from workflow_dispatch - branches keyword is not valid under the workflow_dispatch event. --- .github/workflows/publish_and_trivyscan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish_and_trivyscan.yml b/.github/workflows/publish_and_trivyscan.yml index 450d0dcdd..5cfdd0aa6 100644 --- a/.github/workflows/publish_and_trivyscan.yml +++ b/.github/workflows/publish_and_trivyscan.yml @@ -15,7 +15,6 @@ name: Publish to GHCR (+ Trivy scan) on: workflow_dispatch: - branches: [dev] pull_request: push: branches: From 8fc135b52cc4ef89cbef6ed569386b50b2a16db3 Mon Sep 17 00:00:00 2001 From: Aishling Cooke Date: Tue, 23 Jul 2024 15:56:53 +0200 Subject: [PATCH 2/4] DDS-2019: Remove workflow_dispatch event from both scheduled Trivy scans - branches keyword is not valid under the workflow_dispatch event. - Futhermore, this scan seems like it only needs to run on schedule, given that we have 2 other Trivy jobs that are available on demand. --- .github/workflows/trivy-scheduled-dev.yml | 5 +---- .github/workflows/trivy-scheduled-master.yml | 3 --- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml index b055362c4..b7be4f0b4 100644 --- a/.github/workflows/trivy-scheduled-dev.yml +++ b/.github/workflows/trivy-scheduled-dev.yml @@ -6,10 +6,7 @@ # --------------------------------- name: Trivy - ghcr image scan - dev on: - workflow_dispatch: - branches: - - dev - schedule: + schedule: # Since dev is the default branch of the repo don't specify - cron: "0 9,12,15 * * *" jobs: scan: diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml index 238f0b266..535aee3f7 100644 --- a/.github/workflows/trivy-scheduled-master.yml 
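Review bot: The `pull_request:` trigger on the "Publish to GHCR" workflow carries no `types` or branch filter, and the hunk shows only the `on:` block, so whether the registry login and push steps are gated on the event (for example `if: github.event_name != 'pull_request'` on the publish job or step) cannot be seen here and should be confirmed before merging. If they are not gated, a pull request from a branch in this repository would publish an image before review, and a fork pull request would at least attempt a `ghcr.io` login with the read-only token. The `on:` block is complete in this hunk, but the `push: branches:` list and the jobs that consume these triggers lie outside it.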
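Review bot: The new inline comment on the `schedule:` line in trivy-scheduled-dev.yml reads as a sentence cut short (`# Since dev is the default branch of the repo don't specify`) and does not say what is not specified, which is the kind of comment a later maintainer will misread. Scheduled workflows run from the repository's default branch and the `schedule` event takes no branch filter, so the intent appears to be exactly that; suggest `schedule: # runs from the default branch (dev); schedule events take no branch filter`. Since `workflow_dispatch` is removed here, it would also help to state in the file header which on-demand workflow to use for a manual scan, as the commit message does.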
+++ b/.github/workflows/trivy-scheduled-master.yml @@ -6,9 +6,6 @@ # --------------------------------- name: Trivy - ghcr image scan - master on: - workflow_dispatch: - branches: - - master schedule: - cron: "0 7,15 * * *" jobs: From 4b0251523fd9e6c5b029ef938fb4645c29cc6aa2 Mon Sep 17 00:00:00 2001 From: Aishling Cooke Date: Tue, 23 Jul 2024 15:58:44 +0200 Subject: [PATCH 3/4] Update Trivy Action to v3 - v2 will be deprecated at end of 2024. --- .github/workflows/publish_and_trivyscan.yml | 2 +- .github/workflows/trivy-scan-branch.yml | 2 +- .github/workflows/trivy-scheduled-dev.yml | 4 ++-- .github/workflows/trivy-scheduled-master.yml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish_and_trivyscan.yml b/.github/workflows/publish_and_trivyscan.yml index 5cfdd0aa6..f39ab382e 100644 --- a/.github/workflows/publish_and_trivyscan.yml +++ b/.github/workflows/publish_and_trivyscan.yml @@ -94,7 +94,7 @@ jobs: output: "trivy-results.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to Github Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif" category: trivy-build diff --git a/.github/workflows/trivy-scan-branch.yml b/.github/workflows/trivy-scan-branch.yml index 777e9a633..e17032ce5 100644 --- a/.github/workflows/trivy-scan-branch.yml +++ b/.github/workflows/trivy-scan-branch.yml @@ -31,7 +31,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif" category: trivy diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml index b7be4f0b4..1399be061 100644 --- a/.github/workflows/trivy-scheduled-dev.yml +++ b/.github/workflows/trivy-scheduled-dev.yml 
@@ -23,7 +23,7 @@ jobs: run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV - name: Run Trivy on latest dev image - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev" format: "sarif" @@ -31,7 +31,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to dev branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results-dev.sarif" category: trivy-dev diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml index 535aee3f7..4ef9fa58b 100644 --- a/.github/workflows/trivy-scheduled-master.yml +++ b/.github/workflows/trivy-scheduled-master.yml @@ -25,7 +25,7 @@ jobs: run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV - name: Run Trivy on latest release image - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:latest" format: "sarif" @@ -33,7 +33,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to master branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results-master.sarif" category: trivy-master From 7a77029927cff5ba7b54b87c99d67454bb7dab86 Mon Sep 17 00:00:00 2001 From: Aishling Cooke Date: Tue, 23 Jul 2024 16:10:24 +0200 Subject: [PATCH 4/4] Update SPRINTLOG.md --- SPRINTLOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 8fc511790..a89fde3a2 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md 
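Review bot: `aquasecurity/trivy-action@0.24.0` (and `github/codeql-action/upload-sarif@v3` in the neighbouring hunks) are referenced by mutable tags, so the code these scheduled workflows execute can change upstream without any commit to this repository; for a job that runs unattended and writes to the Security tab, pinning to the full commit SHA with the version kept in a trailing comment is the usual control, e.g. `uses: aquasecurity/trivy-action@<commit-sha> # 0.24.0`. The `@v3` major tag on codeql-action floats across every minor release, so the same applies there. Unrelated to the bump but visible in the context line, `${{ github.repository_owner }}` is expanded directly into the `run:` shell line; the owner name is GitHub-controlled with a restricted character set, so this is low risk, but routing it through `env:` and referencing `$REPOSITORY_OWNER` in the script is the habit that keeps the pattern safe when copied for other contexts.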
@@ -411,3 +411,4 @@ _Nothing merged in CLI during this sprint_ - Small updates to Technical Overview contents ([#1540](https://github.com/ScilifelabDataCentre/dds_web/pull/1540)) - Build Technical Overview PDF in GitHub Actions, rename to include DDS and remove option to view on GitHub ([#1541](https://github.com/ScilifelabDataCentre/dds_web/pull/1541/)) - Fixed index out of range when listing files from root ([#1543](https://github.com/ScilifelabDataCentre/dds_web/pull/1543/)) +- Update Trivy GitHub Actions ([#1545](https://github.com/ScilifelabDataCentre/dds_web/pull/1545))