From fa74ec1263ad60da5239f3307756668ae429107f Mon Sep 17 00:00:00 2001
From: Ian Cardoso
Date: Thu, 13 Jul 2023 15:03:50 -0300
Subject: [PATCH] fix image_scan.sh script and download trivy version (#7950)
Signed-off-by: Ian Cardoso
(cherry picked from commit 58a8deb25d07483aafc21f736cb9198e857d0523)
---
 Dockerfile.dapper | 30 ++++++++++++++++++------------
 scripts/image_scan.sh | 4 ++--
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index 7ef10f76a00e..13f740f8d0db 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -19,19 +19,25 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c
 RUN python3 -m pip install awscli
-RUN if [ "$(go env GOARCH)" = "arm64" ]; then \
- wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-ARM64.tar.gz && \
- tar -zxvf trivy_0.25.3_Linux-ARM64.tar.gz && \
- mv trivy /usr/local/bin; \
- elif [ "$(go env GOARCH)" = "arm" ]; then \
- wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-ARM.tar.gz && \
- tar -zxvf trivy_0.25.3_Linux-ARM.tar.gz && \
- mv trivy /usr/local/bin; \
- elif [ "$(go env GOARCH)" = "amd64" ]; then \
- wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-64bit.tar.gz && \
- tar -zxvf trivy_0.25.3_Linux-64bit.tar.gz && \
- mv trivy /usr/local/bin; \
+RUN TRIVY_VERSION="0.43.1" && \
+ if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
+ if [ "$(go env GOARCH)" = "arm64" ]; then \
+ # Turn arm64 into uppercase ARM64 for Trivy's download
+ TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ elif [ "$(go env GOARCH)" = "amd64" ]; then \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ elif [ "$(go env GOARCH)" = "s390x" ]; then \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ fi \
 fi
+
 # this works for both go 1.17 and 1.18
 RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.8.2
 RUN rm -rf /go/src /go/pkg
diff --git a/scripts/image_scan.sh b/scripts/image_scan.sh
index 3b6720cad904..83e56e3cab23 100755
--- a/scripts/image_scan.sh
+++ b/scripts/image_scan.sh
@@ -9,8 +9,8 @@ fi
 ARCH=$2
-# skipping image scan for s390x since trivy doesn't support s390x arch yet
-if [ "${ARCH}" == "s390x" ]; then
+# skipping image scan for 32 bits image since trivy dropped support for those https://github.com/aquasecurity/trivy/discussions/4789
+if [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then
 exit 0
 fi
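Review bot: The Trivy tarball fetched in the new `RUN TRIVY_VERSION="0.43.1"` step of Dockerfile.dapper is unpacked and moved to /usr/local/bin without any integrity check, so the build trusts whatever the release URL serves at build time, and that binary later decides whether images pass the scan. Pin a SHA-256 per architecture next to the version and verify it before `tar` runs; the digests in the sketch below are placeholders to be filled in from the pinned upstream release. The three branches differ only in the architecture suffix, so one `case` on `go env GOARCH` can set the suffix and the digest and leave a single download path. Extracting only the `trivy` member and removing the tarball also keeps the archive's other files out of the image layer. Architectures with no branch still build without a scanner, which deserves a comment above the step.

```dockerfile
# TRIVY_SHA256 values are placeholders: fill in the digests published with the pinned release.
RUN TRIVY_VERSION="0.43.1" && \
    case "$(go env GOARCH)" in \
        arm64) TRIVY_ARCH="ARM64"; TRIVY_SHA256="<PLACEHOLDER_SHA256_ARM64>" ;; \
        amd64) TRIVY_ARCH="64bit"; TRIVY_SHA256="<PLACEHOLDER_SHA256_64BIT>" ;; \
        s390x) TRIVY_ARCH="s390x"; TRIVY_SHA256="<PLACEHOLDER_SHA256_S390X>" ;; \
        *) TRIVY_ARCH="" ;; \
    esac && \
    if [ -n "${TRIVY_ARCH}" ]; then \
        TRIVY_TGZ="trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
        wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/${TRIVY_TGZ}" && \
        echo "${TRIVY_SHA256}  ${TRIVY_TGZ}" | sha256sum -c - && \
        tar -zxf "${TRIVY_TGZ}" -C /usr/local/bin trivy && \
        rm -f "${TRIVY_TGZ}"; \
    fi
```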
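Review bot: The new guard in scripts/image_scan.sh, `[[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]`, is true for every architecture except 386, so the script exits before scanning amd64, arm64 and s390x images and only continues for 386, the case the comment above it says is unsupported. Because the early exit uses status 0, a skipped scan is indistinguishable from a clean one to whatever calls the script. The second test should be an equality, and both tests can use the same bracket form: `if [ "${ARCH}" = "arm" ] || [ "${ARCH}" = "386" ]; then`. Printing a line such as `echo "skipping image scan: trivy has no ${ARCH} build" >&2` before `exit 0` would make the skip visible in build logs. The rest of the script lies outside the hunk, so the shell it runs under cannot be confirmed from here.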