Fix pre-commit pipeline: replace broken trivy installation with apt-based install

.github/workflows/pre-commit.yml

@@ -9,7 +9,6 @@ on:
 env:
   TF_DOCS_VERSION: v0.19.0
   TFLINT_VERSION: v0.53.0
-  TRIVY_VERSION: 0.58.0
 permissions:
   contents: read
 jobs:
@@ -55,9 +54,13 @@ jobs:
           chmod +x terraform-docs
           mv terraform-docs /usr/local/bin/
       - name: Setup trivy
+        # Using apt repo to avoid dependency on aquasecurity/trivy git repo (which broke setup-trivy action).
+        # Installs the latest available trivy version; pin by appending =VERSION to the apt-get install line if needed.
         run: |
-          wget https://github.com/aquasecurity/trivy/releases/download/v${{env.TRIVY_VERSION}}/trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
-          sudo dpkg -i trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
+          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update
+          sudo apt-get install -y trivy
       - name: Pre-commit checks
         uses: pre-commit/action@v3.0.1
       - name: pre-commit-ci-lite

renovate.json

@@ -30,17 +30,6 @@
             ],
             "datasourceTemplate": "github-releases"
         },
-        {
-            "customType": "regex",
-            "managerFilePatterns": [
-                "/.github/workflows/pre-commit.yml/"
-            ],
-            "depNameTemplate": "aquasecurity/trivy",
-            "matchStrings": [
-                "TRIVY_VERSION=\"(?<currentValue>.*?)\""
-            ],
-            "datasourceTemplate": "github-releases"
-        },
         {
             "customType": "regex",
             "managerFilePatterns": [