From 497b00add38c752d2593e070b964806bf0e90fc1 Mon Sep 17 00:00:00 2001
From: chgl
Date: Sun, 5 Nov 2023 18:17:26 +0100
Subject: [PATCH] ci: allow setting the image tag to scan
---
 .github/workflows/schedule.yaml | 1 +
 .github/workflows/standard-schedule.yaml | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
index 721ce0c..2927629 100644
--- a/.github/workflows/schedule.yaml
+++ b/.github/workflows/schedule.yaml
@@ -17,5 +17,6 @@ jobs:
 security-events: write
 with:
 image: ghcr.io/miracum/github-reusable-workflow
+ image-tag: master
 secrets:
 github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/standard-schedule.yaml b/.github/workflows/standard-schedule.yaml
index 1fb7bfc..86fb98e 100644
--- a/.github/workflows/standard-schedule.yaml
+++ b/.github/workflows/standard-schedule.yaml
@@ -15,6 +15,11 @@ on:
 required: false
 default: "ghcr.io/${{ github.repository }}"
 type: string
+ image-tag:
+ description: "The image tag to scan with trivy"
+ required: false
+ default: "latest"
+ type: string
 secrets:
 github-token:
 description: "The GitHub workflow token used to push to ghcr.io. Also used by MegaLinter"
@@ -71,7 +76,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
 with:
- image-ref: "${{ inputs.image }}:latest"
+ image-ref: "${{ inputs.image }}:${{ inputs.image-tag }}"
 format: "template"
 template: "@/contrib/sarif.tpl"
 output: "trivy-results.sarif"
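Review bot: The new `image-ref` in the Trivy step of standard-schedule.yaml joins the two inputs with a hard-coded `:`, so a caller can select only a tag, cannot pin the scan to a digest (`image@sha256:…`), and gets an invalid reference if `image-tag` is passed as an empty string. With a mutable tag such as `latest` or `master`, each scheduled run's SARIF results describe whatever was pushed last rather than one identifiable artifact, which makes findings harder to tie to a specific build. If callers need that, the workflow could accept a full image reference instead. At minimum the description added in the `on:` hunk of the same file should state the constraint, e.g. `description: "The image tag (not a digest) to scan with trivy; joined to 'image' with ':'"`. The enclosing job starts outside the hunk, so any later step that also assumes `:latest` is not visible here.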