From 4c4be577d3e681daad2334fe6e5c39cf424f59ea Mon Sep 17 00:00:00 2001
From: Andrew Gouin <andrew@gouin.io>
Date: Thu, 26 Oct 2023 09:52:20 -0600
Subject: [PATCH] Run trivy on image in PR (#379)

* Run trivy on image in PR

* meta output tags includes image name

* Use fromJSON

* use outputs.json
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8c97d7c6..91227714 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -60,7 +60,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}'
+          image-ref: '${{ fromJSON(steps.meta.outputs.json).tags[0] }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true