From 47ccc6836beddffdba6903fc9cd691dbb90aac48 Mon Sep 17 00:00:00 2001
From: Maggie Dreyer
Date: Thu, 8 Feb 2024 11:59:05 -0800
Subject: [PATCH] (maint) Add globbing to Trivy skip-file directives

This allows the files with false positives to be skipped even if the Ruby or gem version changes.
---
 .github/workflows/build-test-push.yml | 2 +-
 .github/workflows/build-test.yml | 2 +-
 .github/workflows/publish-4x-image.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-test-push.yml b/.github/workflows/build-test-push.yml
index 7b14672..7544334 100644
--- a/.github/workflows/build-test-push.yml
+++ b/.github/workflows/build-test-push.yml
@@ -22,7 +22,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
- skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
+ skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
 - name: Run tests
 run: cd tests; ./run_tests.sh
 - name: Tag Docker images
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index 3236fe9..1e68ce7 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -24,7 +24,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
- skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
+ skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
 - name: Run tests
 working-directory: ${{ github.workspace }}/tests
 run: ./run_tests.sh
diff --git a/.github/workflows/publish-4x-image.yml b/.github/workflows/publish-4x-image.yml
index a4b9372..4e2b077 100644
--- a/.github/workflows/publish-4x-image.yml
+++ b/.github/workflows/publish-4x-image.yml
@@ -32,7 +32,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
- skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
+ skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
 - name: Publish standard image to 4.x
 env:
 IMAGE_TAG: ${{ github.event.inputs.image_tag }}
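Review bot: The globbed `skip-files` value here, and the identical line in the build-test-push.yml and build-test.yml hunks above, turns a pinned exclusion into a permanent one. Every future `aws-sdk-ssooidc/client.rb` under any Ruby or `aws-sdk-core` version is now left out of the Trivy scan, with nothing prompting a re-check that the finding is still a false positive. The workflows do not record which finding was dismissed or why, so I would add a comment above each `skip-files:` line, e.g. `# Trivy false positive in aws-sdk-ssooidc/client.rb (see <link to triage record>); globbed to survive Ruby/gem bumps, re-verify when aws-sdk-core is upgraded`. The scan step's `uses:`/`with:` header lies outside all three hunks, so the action version and enabled scanners are not visible here. If that action supports an ignore file or a per-finding allow rule, that would be a narrower suppression than skipping the whole file.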