From 2a5bb93583b28d8336765fbcfbd777b3798f2eb3 Mon Sep 17 00:00:00 2001
From: Dimitris Karakasilis <dimitris@karakasilis.me>
Date: Thu, 3 Oct 2024 13:56:01 +0300
Subject: [PATCH] Cache even more trivy (#2914)

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---
 .github/workflows/image-arm-pr.yaml | 24 ++++++++++++++++++++++
 .github/workflows/image-arm.yaml    | 32 +++++++++++++++++++++++++++--
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/image-arm-pr.yaml b/.github/workflows/image-arm-pr.yaml
index 4943ba73c..097cb219e 100644
--- a/.github/workflows/image-arm-pr.yaml
+++ b/.github/workflows/image-arm-pr.yaml
@@ -13,9 +13,31 @@ env:
   FORCE_COLOR: 1
   EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }}
 jobs:
+  # Populate the trivy cache once for all later jobs to use
+  trivy-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: 0
+      - name: Install earthly
+        uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
+        with:
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
+      - name: Restore trivy cache
+        uses: yogeshlonkar/trivy-cache-action@v0
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Populate trivy Cache
+        run: |
+          [ ! -d ".trivy" ] && mkdir -p ".trivy"
+          earthly +trivy-download-db --DIR .trivy
   opensuse:
     uses: ./.github/workflows/reusable-docker-arm-build.yaml
     secrets: inherit
+    needs:
+      - trivy-cache
     permissions:
       id-token: write  # OIDC support
       contents: write
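Review bot: The `Restore trivy cache` step references `yogeshlonkar/trivy-cache-action@v0`, a mutable tag, while the other two actions in this job are pinned to full commit SHAs. It is also the step that receives `secrets.GITHUB_TOKEN` through `gh-token`, so a retagged or compromised release would run with that token on every run of this workflow. Pin it like the others, `uses: yogeshlonkar/trivy-cache-action@<full-commit-sha> # v0`, using the SHA of a release you have reviewed. The identical step in the `trivy-cache` job added to `image-arm.yaml` needs the same change.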
@@ -41,6 +63,8 @@ jobs:
   alpine:
     uses: ./.github/workflows/reusable-docker-arm-build.yaml
     secrets: inherit
+    needs:
+      - trivy-cache
     permissions:
       id-token: write  # OIDC support
       contents: write
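Review bot: The added `needs: trivy-cache` here, on `opensuse` above and on the build jobs in `image-arm.yaml`, makes every image build depend on a network download of the vulnerability database. If `earthly +trivy-download-db` fails, GitHub skips all dependent jobs. Whether the downstream scan can fetch the database itself when the cache is empty is not visible from this hunk. If it can, consider `continue-on-error: true` on the `Populate trivy Cache` step, with a comment such as `# cache is an optimisation; builds must not be blocked by a failed DB download`. The `alpine` job continues outside the hunk.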
diff --git a/.github/workflows/image-arm.yaml b/.github/workflows/image-arm.yaml
index 8094394a7..4b7368e8f 100644
--- a/.github/workflows/image-arm.yaml
+++ b/.github/workflows/image-arm.yaml
@@ -81,8 +81,31 @@ jobs:
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
 
+  # Populate the trivy cache once for all later jobs to use
+  trivy-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: 0
+      - name: Install earthly
+        uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
+        with:
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
+      - name: Restore trivy cache
+        uses: yogeshlonkar/trivy-cache-action@v0
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Populate trivy Cache
+        run: |
+          [ ! -d ".trivy" ] && mkdir -p ".trivy"
+          earthly +trivy-download-db --DIR .trivy
+
   build-nvidia-base:
     runs-on: fast
+    needs:
+      - trivy-cache
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
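Review bot: The new `trivy-cache` job declares no `permissions:` block, so the `GITHUB_TOKEN` it passes to the third-party cache action carries whatever default the workflow or repository grants. Other jobs in this file scope theirs explicitly, as in the `pull-requests: read` / `statuses: read` block visible further down. Add a job-level block limited to what the cache action documents as required, starting from `permissions:` with `contents: read` and adding scopes only as needed. The same applies to the copy of this job in `image-arm-pr.yaml`. The `build-nvidia-base` job at the end of the hunk continues outside it.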
@@ -184,7 +207,9 @@ jobs:
       pull-requests: read
       repository-projects: read
       statuses: read
-    needs: build-nvidia-base
+    needs:
+      - build-nvidia-base
+      - trivy-cache
     secrets: inherit
     with:
       flavor: ubuntu
@@ -220,13 +245,16 @@ jobs:
       base_image: ${{ matrix.baseImage }}
       worker: ${{ matrix.worker }}
     needs:
-    - get-core-matrix
+      - get-core-matrix
+      - trivy-cache
     strategy:
       fail-fast: false
       matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
 
   image_and_iso_arm64_generic:
     uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml
+    needs:
+      - trivy-cache
     secrets: inherit
     with:
       flavor: "opensuse"