ci: re-enable trivy vulnerability scanning with SHA-pinned action

Aisura · Aisura · commit 86ac5809b3c6 · 2026-04-26T21:29:39.000-07:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -89,12 +89,12 @@ jobs:
           interval: 10
           retries: 8
 
-#       - name: Upload Trivy report as artifact
-#         uses: actions/upload-artifact@v4
-#         with:
-#           name: trivy-report
-#           path: /tmp/trivy-report-*.json
-# 
+      - name: Upload Trivy report as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-report
+          path: /tmp/trivy-report-*.json
+
       - name: Push image
         uses: docker/build-push-action@v6
         with:
