From c42a8a8e202a1ae0e8ec1abe2d276283c0ed5e87 Mon Sep 17 00:00:00 2001
From: Michael Beemer
Date: Fri, 18 Oct 2024 14:43:04 -0400
Subject: [PATCH 1/2] ci: fix security scan input path

Signed-off-by: Michael Beemer
---
 .github/workflows/build.yaml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index a0b3d9ed1..74a19fc1d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -15,9 +15,6 @@ on:
 - "README.md"
 - "docs/**"

-env:
- GO_VERSION: '~1.21'
-
 jobs:
 lint:
 runs-on: ubuntu-latest
@@ -30,7 +27,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
 with:
- go-version: ${{ env.GO_VERSION }}
+ go-version-file: 'flagd/go.mod'
 - run: make workspace-init
 - run: make lint
@@ -42,7 +39,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
 with:
- go-version: ${{ env.GO_VERSION }}
+ go-version-file: 'flagd/go.mod'
 - run: make workspace-init
 - run: make generate-docs
 - name: Check no diff
@@ -60,7 +57,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
 with:
- go-version: ${{ env.GO_VERSION }}
+ go-version-file: 'flagd/go.mod'
 - run: make workspace-init
 - run: make test
 - name: Upload coverage to Codecov
@@ -78,7 +75,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
 with:
- go-version: ${{ env.GO_VERSION }}
+ go-version-file: 'flagd/go.mod'
 - name: Set up QEMU
 uses: docker/setup-qemu-action@master
@@ -100,7 +97,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- input: /github/workspace/flagd-local.tar
+ input: ${{ github.workspace }}/flagd-local.tar
 format: "template"
 template: "@/contrib/sarif.tpl"
 output: "trivy-results.sarif"
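Review bot: Every `Setup go` step in this file now takes its toolchain from `flagd/go.mod` (this hunk at -30 and the hunks at -42, -60, -78 and -123), but nothing records that choice, and `make workspace-init` suggests a multi-module workspace whose other modules' `go` directives are no longer consulted. If a sibling module ever requires a newer Go than flagd's, these jobs will fail in a way that is hard to trace back to this line. Suggest a comment above the `with:` of at least this first step, such as `# Go version comes from flagd/go.mod; keep the other workspace modules compatible with it`. Unless flagd/go.mod pins a full patch version, setup-go presumably resolves a bare `go 1.xx` directive to the newest matching patch release, so this is still a floor rather than a pin, much as `'~1.21'` was.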
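Review bot: The new `input: ${{ github.workspace }}/flagd-local.tar` is only correct for whichever implementation `aquasecurity/trivy-action@master` happens to have today; the old `/github/workspace/...` form was presumably the container-mounted path of an earlier Docker-based version of the action, which is why this path broke without any change on this side. Because `@master` is a mutable ref, the scan step can change behaviour again, or pull a different Trivy binary, on any future push to that branch, with no diff in this repository to review. The `setup-go` steps in this file already pin a full commit SHA with a version comment; the scan step should do the same, e.g. `uses: aquasecurity/trivy-action@<commit-sha> # v<x.y.z>` with the placeholders filled from the action's release. The same applies to `docker/setup-qemu-action@master` in the preceding hunk at -78.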
@@ -123,7 +120,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
 with:
- go-version: ${{ env.GO_VERSION }}
+ go-version-file: 'flagd/go.mod'
 - name: Workspace init
 run: make workspace-init

From 201b5f313cb24add75380ada5bcd6ba9615dc5e7 Mon Sep 17 00:00:00 2001
From: Michael Beemer
Date: Fri, 18 Oct 2024 14:50:47 -0400
Subject: [PATCH 2/2] chore: update deprecated trivy config

https://github.com/aquasecurity/trivy/discussions/1571

Signed-off-by: Michael Beemer
---
 .github/workflows/build.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 74a19fc1d..02961e980 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -98,8 +98,7 @@ jobs:
 uses: aquasecurity/trivy-action@master
 with:
 input: ${{ github.workspace }}/flagd-local.tar
- format: "template"
- template: "@/contrib/sarif.tpl"
+ format: "sarif"
 output: "trivy-results.sarif"
 severity: "CRITICAL,HIGH"