ci: install trivy in bump-trivy workflow and update tests (#495)

* ci: install trivy in bump-trivy workflow

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* test: diasble list-all-pkgs and remove ReportID

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* ci: run tests after updating golden files

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* fix BATS_LIB_PATH setting

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

.github/workflows/bump-trivy.yaml

@@ -16,21 +16,30 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set new version from input
-        run: echo "NEW_VERSION=${{ inputs.trivy_version }}" >> $GITHUB_ENV
-
       - name: Update Trivy versions
+        env:
+          NEW_VERSION: ${{ inputs.trivy_version }}
         run: make bump-trivy
 
       - name: Setup Bats and bats libs
         id: setup-bats
         uses: bats-core/bats-action@3.0.1
 
+      - name: Install Trivy
+        run: |
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ inputs.trivy_version }}
+          trivy --version
+
       - name: Update golden files
         env:
           BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
         run: make update-golden
 
+      - name: Run tests
+        env:
+          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
+        run: make test
+
       - name: Create PR
         id: create-pr
         uses: peter-evans/create-pull-request@v5

Makefile

@@ -1,10 +1,11 @@
 OS := $(shell uname)
-SED = sed
-BATS_LIB_PATH ?= /usr/local/lib/ 
 
 ifeq ($(OS), Darwin)
-SED = gsed
-BATS_LIB_PATH ?= /opt/homebrew/lib
+  SED = gsed
+  BATS_LIB_PATH ?= /opt/homebrew/lib
+else
+  SED = sed
+  BATS_LIB_PATH ?= /usr/local/lib/
 endif
 
 BATS_ENV := BATS_LIB_PATH=$(BATS_LIB_PATH) \

test/test.bats

@@ -5,6 +5,7 @@ setup_file() {
   export TRIVY_DB_REPOSITORY=ghcr.io/${owner}/trivy-db-act:latest
   export TRIVY_JAVA_DB_REPOSITORY=ghcr.io/${owner}/trivy-java-db-act:latest
   export TRIVY_CHECKS_BUNDLE_REPOSITORY=ghcr.io/${owner}/trivy-checks-act:latest
+  export TRIVY_LIST_ALL_PKGS=false
 }
 
 setup() {
@@ -16,7 +17,7 @@ setup() {
 function remove_json_fields() {
   local file="$1"
   if [[ "$file" == *.json ]]; then
-      jq 'del(.CreatedAt)' "$file" > tmp && mv tmp "$file"
+      jq 'del(.CreatedAt, .ReportID)' "$file" > tmp && mv tmp "$file"
   fi
 }