Trivy scan for release branches #671

	name: Trivy

	on:
	pull_request:
	# schedule:
	# - cron: '0 10 * * *'
	# push:
	# branches:
	# - main
	# - 'v[0-9]+.[0-9]+'
	# - '[0-9]+.[0-9]+'
	# tags:
	# - 'v[0-9]+.[0-9]+'
	jobs:
	prepare:
	runs-on: ubuntu-latest
	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: create branches to test
	run: \|
	BRANCHES=$(git branch -r \| grep -E '(v[0-9]+.[0-9]+)\|(release-[0-9]+.[0-9]+)\|([0-9]+.[0-9]+$)' \| sed -e 's#^ origin/##' \| jq -R -s -c 'split("\n")[:-1]')
	echo "$BRANCHES"
	echo "BRANCHES=$(echo $BRANCHES)" >> $GITHUB_ENV
	- name: list branches to test
	run: \|
	echo ${{ env.BRANCHES }}
	# scan:
	# runs-on: ubuntu-latest
	# strategy:
	# matrix:
	# branch: [master]
	# permissions:
	# security-events: write
	# steps:
	# - name: Checking out repo
	# uses: actions/checkout@v4
	# with:
	# ref: ${{ matrix.branch }}
	# - name: Run Trivy vulnerability scanner in repo mode
	# uses: aquasecurity/[email protected]
	# with:
	# scan-type: "fs"
	# ignore-unfixed: true
	# format: "sarif"
	# output: "output.sarif"
	# severity: "MEDIUM,HIGH,CRITICAL"
	# env:
	# TRIVY_DB-REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db"
	# - name: Get commit sha
	# run: \|
	# SHA="$(git rev-parse HEAD)"
	# echo "head_sha=$SHA" >> "$GITHUB_ENV"
	# - name: Upload Trivy scan results to GitHub Security tab
	# uses: github/codeql-action/upload-sarif@v3
	# with:
	# sarif_file: "output.sarif"
	# sha: ${{ env.head_sha }}
	# ref: refs/heads/${{ matrix.branch }}

Provide feedback