From 5a92fc635071104597af6f5b83f1836829a319b5 Mon Sep 17 00:00:00 2001
From: Tianhao-Gu <tgu@anl.gov>
Date: Wed, 21 Aug 2024 11:50:25 -0500
Subject: [PATCH] try template

---
 .github/workflows/pr_build.yml |  2 +-
 .github/workflows/trivy.yml    | 15 +++------------
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 0fa1c46..f37674d 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -39,5 +39,5 @@ jobs:
     secrets: inherit
   trivy-scans:
     if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
-    uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
+    uses: ./.github/workflows/trivy.yml
     secrets: inherit
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index ee0342d..6fe7662 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,18 +1,7 @@
 name: "Trivy Scans"
 
 on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-  push:
-    # run workflow when merging to main or develop
-    branches:
-      - main
-      - master
-      - develop
+    workflow_call:
 
 jobs:
   build:
@@ -31,6 +20,7 @@ jobs:
           git config --global --add safe.directory $GITHUB_WORKSPACE;
           docker build -t trivy-test .
 
+      # Copied from https://github.com/kbase/.github/blob/main/.github/workflows/reusable_trivy-scans.yml
       - name: Check for log4j CVEs
         run: |
           set -e
@@ -50,6 +40,7 @@ jobs:
         with:
           image-ref: "trivy-test"
           format: "sarif"
+          template: "@/contrib/sarif.tpl"
           output: "trivy-results.sarif"
           timeout: "20m0s"
           ignore-unfixed: true