From fb0fa64c085be6b72570db0ede9818dd695fa92b Mon Sep 17 00:00:00 2001
From: Dave Sargent
Date: Mon, 28 Oct 2024 19:27:14 -0700
Subject: [PATCH 1/5] Attempt to fix trivy db download error due to too many calls by logginginto ghcr

---
 .github/workflows/trivy.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index b294ba7..aa81759 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -26,6 +26,9 @@ jobs:
 name: Build
 runs-on: "ubuntu-20.04"
 steps:
+ - name: Authenticate to GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
 - name: Harden Runner
 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:

From 6b3f40743b1ebf1d2aa856b3a1b1fc05789e2791 Mon Sep 17 00:00:00 2001
From: Dave Sargent
Date: Mon, 28 Oct 2024 19:50:51 -0700
Subject: [PATCH 2/5] Use the docker login action to log into the registry

---
 .github/workflows/trivy.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index aa81759..8d22940 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -14,6 +14,10 @@ on:
 schedule:
 - cron: '19 14 * * 5'
 
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
 permissions:
 contents: read
 
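Review bot: `IMAGE_NAME: ${{ github.repository }}` is added to the workflow-level env but nothing in this patch series reads it — the build step introduced later tags the image as a bare `${{ github.sha }}` — so either use it there (`tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}`, which for this repository resolves to the `ghcr.io/sarg3nt/go-docker-container` name the old `docker build -t` used) or drop it. The `permissions: contents: read` block directly below also means the GITHUB_TOKEN handed to the registry login carries no `packages` scope unless the job overrides it (not visible here); that is presumably enough because the aim is only to lift the anonymous pull rate limit on the public trivy-db image, but it will fail the moment a private package is pulled. A comment next to `REGISTRY` such as `# login only lifts the anonymous ghcr.io pull rate limit; add packages: read if a private image is ever pulled` would make that intent explicit.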
@@ -26,8 +30,15 @@ jobs:
 name: Build
 runs-on: "ubuntu-20.04"
 steps:
- - name: Authenticate to GitHub Container Registry
- run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ # - name: Authenticate to GitHub Container Registry
+ # run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: Log into registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Harden Runner
 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

From b91cbd892dff7839d2eb3debfc29349cb3a397cb Mon Sep 17 00:00:00 2001
From: Dave Sargent
Date: Mon, 28 Oct 2024 19:59:00 -0700
Subject: [PATCH 3/5] This should have been commited in another PR?!

---
 scripts/20_install_microsoft_dev_container_features.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/20_install_microsoft_dev_container_features.sh b/scripts/20_install_microsoft_dev_container_features.sh
index 4986c3e..6cb9a24 100755
--- a/scripts/20_install_microsoft_dev_container_features.sh
+++ b/scripts/20_install_microsoft_dev_container_features.sh
@@ -9,7 +9,7 @@ IFS=$'\n\t'
 # See: https://github.com/devcontainers/features
 main() {
 source "/usr/bin/lib/sh/log.sh"
- log "20-install-microsoft-dev-container-features.sh" "blue"
+ log "20_install_microsoft_dev_container_features.sh" "blue"
 
 log "Exporting zshell variables" "green"
 export CONFIGUREZSHASDEFAULTSHELL=true

From 57006e3d52e34b73a62ff6762e9c2ffe2c05e4bf Mon Sep 17 00:00:00 2001
From: Dave Sargent
Date: Mon, 28 Oct 2024 20:06:09 -0700
Subject: [PATCH 4/5] Switch tot he docker/build-push-action and pass the github token to fix api exhaustion

---
 .github/workflows/trivy.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
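Review bot: The new `Log into registry` step is placed before the `Harden Runner` step, so its connection to ghcr.io (and the credential exchange it performs) happens before step-security's egress monitoring is installed and is neither audited nor subject to its policy; harden-runner's own guidance is that it be the first step of the job. Move the login step to directly after the Harden Runner step, and if that step's `with:` block (outside this hunk) uses `egress-policy: block`, add `ghcr.io:443` to its `allowed-endpoints` so the login and the pulls it enables remain permitted. The two commented-out `docker login` lines kept above the new step are dead text now that the action replaces them; delete them rather than carrying a second copy of the token-handling command in the file.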
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 8d22940..90829ea 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -48,9 +48,16 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
- - name: Build an image from Dockerfile
- run: |
- docker build -t ghcr.io/sarg3nt/go-docker-container:${{ github.sha }} .
+ # - name: Build an image from Dockerfile
+ # run: |
+ # docker build -t ghcr.io/sarg3nt/go-docker-container:${{ github.sha }} .
+ - name: Build and push Docker image
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ with:
+ context: .
+ push: false
+ tags: ${{ github.sha }}
+ secrets: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe

From ece7f81ee13b490a96414c4b64e2b0240c805fee Mon Sep 17 00:00:00 2001
From: Dave Sargent
Date: Mon, 28 Oct 2024 20:11:51 -0700
Subject: [PATCH 5/5] Clean up trivy.yml file

The secrets does not seem necessary and throws a warning.
---
 .github/workflows/trivy.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 90829ea..2b96d7a 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -48,16 +48,12 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
- # - name: Build an image from Dockerfile
- # run: |
- # docker build -t ghcr.io/sarg3nt/go-docker-container:${{ github.sha }} .
 - name: Build and push Docker image
 uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
 with:
 context: .
 push: false
 tags: ${{ github.sha }}
- secrets: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
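Review bot: `tags: ${{ github.sha }}` drops the `ghcr.io/sarg3nt/go-docker-container:` prefix that the replaced `docker build -t` line carried, so the built image is now named after the bare commit SHA; if the `Run Trivy vulnerability scanner` step below (its `image-ref` input is outside this hunk) still references the old name, the scan will not find the image and the workflow silently stops scanning what it built. Tag it with the env values the previous patch introduced: `tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}`. Separately, the `secrets:` input of build-push-action is for BuildKit secret mounts and expects `id=…,src=…` or `id=…,env=…` entries, so a bare `${{ secrets.GITHUB_TOKEN }}` does not feed the build any usable credential and has no bearing on the ghcr.io rate limit the commit message targets — the registry login step is what addresses that.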
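Review bot: With `push: false` and no `load:` input, the image only reaches the local Docker daemon — where the Trivy step must find it — because no `docker/setup-buildx-action` is visible in this workflow and build-push-action therefore falls back to the docker driver; introduce buildx later and the image would be built but never loaded, with no error from this step. Make the intent explicit now with `load: true` under `with:` and a comment such as `# load into the local daemon so the Trivy step can scan it`. Whether the Trivy step's `image-ref` matches the bare `${{ github.sha }}` tag cannot be confirmed from this hunk; the removed `secrets:` line was in any case not the mechanism that lifts ghcr.io's anonymous rate limit, so its deletion is safe.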