fix: add workaround for missing JUnit template

Author: stempler

action.yml

@@ -155,6 +155,42 @@ runs:
         version: v0.69.3
         cache: true
 
+    - name: Ensure Trivy JUnit template
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        TEMPLATE_PATH="$HOME/.local/bin/trivy-bin/contrib/junit.tpl"
+
+        # If the template already exists, nothing to do
+        if [ -f "$TEMPLATE_PATH" ]; then
+          echo "Trivy JUnit template already present at $TEMPLATE_PATH"
+          exit 0
+        fi
+
+        mkdir -p "$(dirname "$TEMPLATE_PATH")"
+
+        # Determine installed Trivy version
+        TRIVY_VERSION_RAW="$(trivy --version | awk '/Version:/ {print $2}' || true)"
+        if [ -z "$TRIVY_VERSION_RAW" ]; then
+          echo "::error::Could not determine Trivy version from 'trivy --version'"
+          trivy --version || true
+          exit 1
+        fi
+
+        # Normalize to tag format (ensure leading "v")
+        TRIVY_TAG="v${TRIVY_VERSION_RAW#v}"
+
+        TEMPLATE_URL="https://raw.githubusercontent.com/aquasecurity/trivy/${TRIVY_TAG}/contrib/junit.tpl"
+        echo "Downloading Trivy JUnit template from ${TEMPLATE_URL}"
+
+        if ! curl -fsSL "$TEMPLATE_URL" -o "$TEMPLATE_PATH"; then
+          echo "::error::Failed to download Trivy JUnit template from ${TEMPLATE_URL}"
+          exit 1
+        fi
+
+        echo "Trivy JUnit template downloaded to $TEMPLATE_PATH"
+
     - name: Restore trivy cache
       id: cache-trivy-restore
       uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3