From 1a4bb3634ba42ebfce999694793400ed2a9cc367 Mon Sep 17 00:00:00 2001
From: Andrew Ridgway
Date: Wed, 20 May 2026 22:11:39 +1000
Subject: [PATCH] update trivy again
---
 .gitea/workflows/build_push.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.gitea/workflows/build_push.yml b/.gitea/workflows/build_push.yml
index 17334f1..df02899 100644
--- a/.gitea/workflows/build_push.yml
+++ b/.gitea/workflows/build_push.yml
@@ -46,10 +46,12 @@ jobs:
 - name: Trivy Scan
 run: |
- echo "Installing Trivy (latest from GitHub)"
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+ TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
+ wget -qO /tmp/trivy.tar.gz "https://github.com/aquasecurity/trivy/releases/download/${TRIVY_VERSION}/trivy_${TRIVY_VERSION#v}_Linux-64bit.tar.gz"
+ tar xzf /tmp/trivy.tar.gz -C /usr/local/bin trivy
+ chmod +x /usr/local/bin/trivy
 trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --severity HIGH,CRITICAL git.aridgwayweb.com/armistace/pr-reviewer:latest
-
+
 - name: Deploy
 run: |
 echo "Installing Kubectl"
@@ -72,4 +74,4 @@ jobs:
 --from-literal=TOTAL_FLOW_TIMEOUT=600 \
 --from-literal=PER_CREW_TIMEOUT=300 \
 --namespace=pr-reviewer
- kubectl apply -f kube/pr-reviewer_deployment.yaml && kubectl apply -f kube/pr-reviewer_service.yaml
\ No newline at end of file
+ kubectl apply -f kube/pr-reviewer_deployment.yaml && kubectl apply -f kube/pr-reviewer_service.yaml
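Review bot: The new install lines in the first hunk download and extract a Trivy tarball into /usr/local/bin without any integrity check, and the version lookup uses `curl -s` without `-f`, so a failed or rate-limited API response leaves `TRIVY_VERSION` empty and produces a malformed wget URL instead of a clear failure. This is still better than the removed `curl | sh` line, but each Trivy release publishes a checksums file next to its tarballs (`trivy_<version>_checksums.txt` in recent releases — confirm against the release page), so the archive's sha256 can be verified before `tar xzf` runs. Restore `-f` on the lookup curl (the removed line already used `-sfL`) and fail the step explicitly when the tag is empty; pinning a concrete `TRIVY_VERSION` rather than querying /releases/latest would additionally make the scan reproducible and drop the unauthenticated API call. Whether the step already aborts on a failed pipeline depends on the runner's default shell options, which are not visible in this hunk.
```yaml
        run: |
          TRIVY_VERSION=$(curl -fsS https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
          test -n "${TRIVY_VERSION}" || { echo "could not resolve Trivy release tag"; exit 1; }
          TRIVY_TGZ="trivy_${TRIVY_VERSION#v}_Linux-64bit.tar.gz"
          TRIVY_URL="https://github.com/aquasecurity/trivy/releases/download/${TRIVY_VERSION}"
          wget -qO "/tmp/${TRIVY_TGZ}" "${TRIVY_URL}/${TRIVY_TGZ}"
          wget -qO /tmp/trivy_checksums.txt "${TRIVY_URL}/trivy_${TRIVY_VERSION#v}_checksums.txt"
          (cd /tmp && grep " ${TRIVY_TGZ}\$" trivy_checksums.txt | sha256sum -c -)
          tar xzf "/tmp/${TRIVY_TGZ}" -C /usr/local/bin trivy
          # … unchanged: chmod +x and the trivy image scan …
```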