From 4f7e602a4dea78620c9f7142ef5e5c8bdca5f210 Mon Sep 17 00:00:00 2001
From: Ivan Valdes <ivan@vald.es>
Date: Wed, 2 Oct 2024 12:52:41 -0700
Subject: [PATCH] github/workflows: use ECR mirror for Trivy's DB

GitHub Container Registry is returning a TOOMANYREQUESTS error. Switch
to AWS ECR mirror, as suggested in
https://github.com/aquasecurity/trivy-action/issues/389.

Signed-off-by: Ivan Valdes <ivan@vald.es>
---
 .github/workflows/release.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 550731523e1..b2a8bb6e7ea 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -64,6 +64,11 @@ jobs:
           severity: 'CRITICAL,HIGH'
           format: 'sarif'
           output: 'trivy-results-${{ matrix.platforms }}.sarif'
+        env:
+          # Use AWS' ECR mirror for the trivy-db image, as GitHub's Container
+          # Registry is returning a TOOMANYREQUESTS error.
+          # Ref: https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
       - name: upload scan results
         uses: github/codeql-action/upload-sarif@956f09c2ef1926b580554b9014cfb8a51abf89dd # v2.16.6
         with: