only run trivy scan on image bumps

bertiethorpe · bertiethorpe · commit e419a10ca901 · 2024-10-03T14:56:18.000Z
diff --git a/.github/workflows/trivyscan.yml b/.github/workflows/trivyscan.yml
@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - ci/nightly-builds
+    paths:
+      - 'environments/.stackhpc/terraform/cluster_image.json'
 
 jobs:
   scan:
diff --git a/environments/.stackhpc/terraform/main.tf b/environments/.stackhpc/terraform/main.tf
@@ -25,10 +25,14 @@ variable "os_version" {
   default = "RL9"
 }
 
+locals {
+  image_names = jsondecode(file("./cluster_image.json"))
+}
+
 variable "cluster_image" {
     description = "single image for all cluster nodes, keyed by os_version - a convenience for CI"
     type = map(string)
-    default = jsondecode(file("./cluster_image.json"))
+    default = locals.image_names
 }
 
 variable "cluster_net" {}

Original file line number	Diff line number	Diff line change
`@@ -25,10 +25,14 @@ variable "os_version" {`
`25`	`25`	`default = "RL9"`
`26`	`26`	`}`
`27`	`27`
	`28`	`+locals {`
	`29`	`+ image_names = jsondecode(file("./cluster_image.json"))`
	`30`	`+}`
	`31`	`+`
`28`	`32`	`variable "cluster_image" {`
`29`	`33`	`description = "single image for all cluster nodes, keyed by os_version - a convenience for CI"`
`30`	`34`	`type = map(string)`
`31`		`- default = jsondecode(file("./cluster_image.json"))`
	`35`	`+ default = locals.image_names`
`32`	`36`	`}`
`33`	`37`
`34`	`38`	`variable "cluster_net" {}`