From 182e7b3d1e44f99471f92b638d19d80db13c3502 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Mar 2026 06:46:39 +0000
Subject: [PATCH 1/3] Initial plan

From e34dc79fdf845e4bf2793bba27e5756dda3fb05f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Mar 2026 06:52:01 +0000
Subject: [PATCH 2/3] Fix precommit failing due to trivy installation 404 error

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
---
 .github/workflows/pre-commit.yml | 8 ++++----
 renovate.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 2d5d1c37e..49a2fc4b5 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -9,7 +9,7 @@ on:
 env:
 TF_DOCS_VERSION: v0.19.0
 TFLINT_VERSION: v0.53.0
- TRIVY_VERSION: 0.58.0
+ TRIVY_VERSION: 0.69.1
 permissions:
 contents: read
 jobs:
@@ -55,9 +55,9 @@ jobs:
 chmod +x terraform-docs
 mv terraform-docs /usr/local/bin/
 - name: Setup trivy
- run: |
- wget https://github.com/aquasecurity/trivy/releases/download/v${{env.TRIVY_VERSION}}/trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
- sudo dpkg -i trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
+ uses: aquasecurity/setup-trivy@v0.2.5
+ with:
+ version: v${{env.TRIVY_VERSION}}
 - name: Pre-commit checks
 uses: pre-commit/action@v3.0.1
 - name: pre-commit-ci-lite
diff --git a/renovate.json b/renovate.json
index db3f65c79..0657e8177 100644
--- a/renovate.json
+++ b/renovate.json
@@ -37,7 +37,7 @@
 ],
 "depNameTemplate": "aquasecurity/trivy",
 "matchStrings": [
- "TRIVY_VERSION=\"(?.*?)\""
+ "TRIVY_VERSION:\\s+(?[^\\s]+)"
 ],
 "datasourceTemplate": "github-releases"
 },

From 1c5ab40c1d6aadfc9f5358b1b2927da903dcf9a8 Mon Sep 17 00:00:00 2001
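Review bot: `uses: aquasecurity/setup-trivy@v0.2.5` in the `Setup trivy` step of .github/workflows/pre-commit.yml references the action by a tag, which its owner can later point at different code without any change appearing in this repository. Since this step installs the scanner that the rest of the job trusts, reference the full commit SHA and keep the tag as a trailing comment, e.g. `uses: aquasecurity/setup-trivy@<full-commit-sha> # v0.2.5`. The context line `uses: pre-commit/action@v3.0.1` has the same form. The job's step list starts and ends outside this hunk, so other actions in it may or may not already be SHA-pinned.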
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Mar 2026 06:59:25 +0000
Subject: [PATCH 3/3] Fix trivy install: use apt repo instead of broken setup-trivy action

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
---
 .github/workflows/pre-commit.yml | 11 +++++++----
 renovate.json | 11 -----------
 2 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 49a2fc4b5..dd13c1e74 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -9,7 +9,6 @@ on:
 env:
 TF_DOCS_VERSION: v0.19.0
 TFLINT_VERSION: v0.53.0
- TRIVY_VERSION: 0.69.1
 permissions:
 contents: read
 jobs:
@@ -55,9 +54,13 @@ jobs:
 chmod +x terraform-docs
 mv terraform-docs /usr/local/bin/
 - name: Setup trivy
- uses: aquasecurity/setup-trivy@v0.2.5
- with:
- version: v${{env.TRIVY_VERSION}}
+ # Using apt repo to avoid dependency on aquasecurity/trivy git repo (which broke setup-trivy action).
+ # Installs the latest available trivy version; pin by appending =VERSION to the apt-get install line if needed.
+ run: |
+ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
+ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
+ sudo apt-get update
+ sudo apt-get install -y trivy
 - name: Pre-commit checks
 uses: pre-commit/action@v3.0.1
 - name: pre-commit-ci-lite
diff --git a/renovate.json b/renovate.json
index 0657e8177..2d225e022 100644
--- a/renovate.json
+++ b/renovate.json
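Review bot: The new `run:` block of the `Setup trivy` step in .github/workflows/pre-commit.yml installs whatever Trivy version the apt repository serves at run time, and the renovate.json section of this same patch deletes the only rule that tracked the version, so a scanner upgrade or a bad upstream release reaches CI with no reviewable change. The signing key is also fetched on every run from the same origin as the packages and trusted without a fingerprint check, so `signed-by` protects little if that origin itself is tampered with. I would pin the package (`trivy=<version>`), compare the downloaded key's fingerprint with a value committed in this repository, and enable `pipefail` so a failed `wget` cannot leave an empty keyring behind. The two placeholder values in the sketch are constructed and have to be filled in from a source verified out of band; the step list continues outside this hunk.

```yaml
        run: |
          set -euo pipefail
          # Constructed placeholders: replace with values verified out of band.
          EXPECTED_FPR="<TRIVY_REPO_KEY_FINGERPRINT>"
          TRIVY_APT_VERSION="<PINNED_TRIVY_VERSION>"
          wget -qO trivy.key https://aquasecurity.github.io/trivy-repo/deb/public.key
          # Refuse to trust the key unless its fingerprint matches the committed value.
          gpg --show-keys --with-colons trivy.key | grep -q "^fpr:::::::::${EXPECTED_FPR}:$"
          gpg --dearmor < trivy.key | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          # … unchanged: sources.list.d entry and apt-get update …
          sudo apt-get install -y "trivy=${TRIVY_APT_VERSION}"
```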
@@ -30,17 +30,6 @@
 ],
 "datasourceTemplate": "github-releases"
 },
- {
- "customType": "regex",
- "managerFilePatterns": [
- "/.github/workflows/pre-commit.yml/"
- ],
- "depNameTemplate": "aquasecurity/trivy",
- "matchStrings": [
- "TRIVY_VERSION:\\s+(?[^\\s]+)"
- ],
- "datasourceTemplate": "github-releases"
- },
 {
 "customType": "regex",
 "managerFilePatterns": [