Update Trivy Cache #401

	# Copyright 2024 Zaphiro Technologies
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: Update Trivy Cache

	on:
	schedule:
	- cron: "0 0 * * *" # Run daily at midnight UTC
	workflow_dispatch: # Allow manual triggering
	workflow_call: # Allow remote call

	jobs:
	update-trivy-db:
	runs-on: ubuntu-latest
	steps:
	- name: Setup oras
	uses: oras-project/setup-oras@v1

	- name: Get current date
	id: date
	run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

	- name: Download and extract the vulnerability DB
	run: \|
	mkdir -p "$GITHUB_WORKSPACE/.cache/trivy/db"
	oras pull ghcr.io/aquasecurity/trivy-db:2
	tar -xzf db.tar.gz -C "$GITHUB_WORKSPACE/.cache/trivy/db"
	rm db.tar.gz

	- name: Download and extract the Java DB
	run: \|
	mkdir -p "$GITHUB_WORKSPACE/.cache/trivy/java-db"
	oras pull ghcr.io/aquasecurity/trivy-java-db:1
	tar -xzf javadb.tar.gz -C "$GITHUB_WORKSPACE/.cache/trivy/java-db"
	rm javadb.tar.gz

	- name: Cache DBs
	uses: actions/cache/save@v5
	with:
	path: ${{ github.workspace }}/.cache/trivy
	key: cache-trivy-${{ steps.date.outputs.date }}

Provide feedback