ci: allow setting the image tag to scan

miracum · Nov 5, 2023 · 497b00a · 497b00a
1 parent f35ef9c
commit 497b00a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
@@ -17,5 +17,6 @@ jobs:
       security-events: write
     with:
       image: ghcr.io/miracum/github-reusable-workflow
+      image-tag: master
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/standard-schedule.yaml b/.github/workflows/standard-schedule.yaml
@@ -15,6 +15,11 @@ on:
         required: false
         default: "ghcr.io/${{ github.repository }}"
         type: string
+      image-tag:
+        description: "The image tag to scan with trivy"
+        required: false
+        default: "latest"
+        type: string
     secrets:
       github-token:
         description: "The GitHub workflow token used to push to ghcr.io. Also used by MegaLinter"
@@ -71,7 +76,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
         with:
-          image-ref: "${{ inputs.image }}:latest"
+          image-ref: "${{ inputs.image }}:${{ inputs.image-tag }}"
           format: "template"
           template: "@/contrib/sarif.tpl"
           output: "trivy-results.sarif"