From 7b88789c40f822097e707e5b54f9df0864062c7f Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Fri, 29 Nov 2024 17:59:12 +0800
Subject: [PATCH] ci(trivy): fix scan failures due to TOOMANYREQUESTS DB error

Primary Changes
----------------
1. Updated the ci.yaml to make the trivy scan run only on the weekends
Fixes #3652
Signed-off-by: aldousalvarez
---
 .github/workflows/ci.yaml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5f3c1e4eff..1af3e72cd8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -48,6 +48,19 @@ jobs:
 - name: Set output
 id: set-output
 run: echo "run-coverage=${{ env.RUN_CODE_COVERAGE }}" >> "$GITHUB_OUTPUT"
+
+ check-day:
+ runs-on: ubuntu-22.04
+ outputs:
+ day_of_week: ${{ steps.get_day.outputs.day_of_week }}
+ steps:
+ - name: Get current day
+ id: get_day
+ run: |
+ # Get the current day of the week (1 = Monday, 7 = Sunday)
+ echo "day_of_week=$(date +'%u')" >> "$GITHUB_OUTPUT"
+ - name: Get current day and time
+ run: echo "Day of the Week from check-day ${{ steps.get_day.outputs.day_of_week }}"
 compute_changed_packages:
 needs: check-ci-skip
@@ -445,6 +458,7 @@ jobs:
 needs:
 - build-dev
 - compute_changed_packages
+ - check-day
 if: needs.compute_changed_packages.outputs.cmd-api-server-changed == 'true'
 env:
 DEV_BUILD_DISABLED: false
@@ -493,7 +507,7 @@ jobs:
 --tag cmd-api-server \
 --tag "ghcr.io/hyperledger/cactus-cmd-api-server:$(date +"%Y-%m-%dT%H-%M-%S" --utc)-dev-$(git rev-parse --short HEAD)"
- - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
+ - if: ${{ env.RUN_TRIVY_SCAN == 'true' && (needs.check-day.outputs.day_of_week == '6' || needs.check-day.outputs.day_of_week == '7') }}
 name: Run Trivy vulnerability scan for cmd-api-server
 uses: aquasecurity/trivy-action@0.19.0
 with:
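Review bot: The `check-day` job takes the weekday from the runner's clock via `date +'%u'`, and nothing in the job says which timezone that is; GitHub-hosted runners normally run in UTC, so "weekend" here is probably Saturday/Sunday UTC rather than the contributors' local time. I would state that in the existing comment, e.g. `# Day of week on the runner clock (UTC on hosted runners): 1 = Monday, 7 = Sunday`. The second step is named `Get current day and time` but only echoes the day, so a name like `Print day of week` would match what it does.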
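Review bot: Gating the Trivy step on `day_of_week == '6' || day_of_week == '7'` means an image is scanned only if a CI run that touches cmd-api-server happens to start on a weekend; weekday pushes and pull requests build the image and skip the scan silently. The same condition is added to the corda and keychain-vault steps in the later hunks. If the aim is only to avoid the TOOMANYREQUESTS error on the vulnerability DB download, a separate workflow with an `on: schedule` trigger would give predictable coverage, and Trivy's `TRIVY_DB_REPOSITORY` variable or a cached DB would keep per-change scanning. At minimum I would put a comment above the `if:` such as `# Scan limited to Sat/Sun to avoid Trivy DB rate limits; weekday builds are NOT scanned`. The job body continues outside the hunk.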
@@ -1375,6 +1389,7 @@ jobs:
 needs:
 - build-dev
 - compute_changed_packages
+ - check-day
 if: needs.compute_changed_packages.outputs.plugin-ledger-connector-corda-changed == 'true'
 env:
 FREE_UP_GITHUB_RUNNER_DISK_SPACE_DISABLED: false
@@ -1417,7 +1432,7 @@ jobs:
 working-directory: packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/
 run: ./gradlew clean build -Pversion=dev -DrootProjectName=cacti-connector-corda-server
- - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
+ - if: ${{ env.RUN_TRIVY_SCAN == 'true' && (needs.check-day.outputs.day_of_week == '6' || needs.check-day.outputs.day_of_week == '7') }}
 name: Run Trivy vulnerability scan for cactus-connector-corda-server
 uses: aquasecurity/trivy-action@0.19.0
 with:
@@ -2274,12 +2289,13 @@ jobs:
 run: DOCKER_BUILDKIT=1 docker build ./tools/docker/daml-all-in-one/ -f ./tools/docker/daml-all-in-one/Dockerfile
 ghcr-keychain-vault-server:
+ needs: check-day
 runs-on: ubuntu-22.04
 steps:
 - uses: actions/checkout@v4.1.7
 - name: ghcr.io/hyperledger/cactus-keychain-vault-server
 run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server
- - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
+ - if: ${{ env.RUN_TRIVY_SCAN == 'true' && (needs.check-day.outputs.day_of_week == '6' || needs.check-day.outputs.day_of_week == '7') }}}}
 name: Run Trivy vulnerability scan for cactus-keychain-vault-server
 uses: aquasecurity/trivy-action@0.19.0
 with:
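Review bot: The new `if:` on the cactus-keychain-vault-server Trivy step ends in `}}}}`, two closing braces more than the otherwise identical condition in the cmd-api-server and corda steps. The extra `}}` sits outside the expression, so the value is likely evaluated as a string with trailing text rather than as a boolean; as far as I know GitHub Actions treats such a non-empty string as truthy, which would make this step ignore both `RUN_TRIVY_SCAN` and the weekend gate. The line should end `needs.check-day.outputs.day_of_week == '7') }}`. The step's `with:` block continues outside the hunk.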