docker fix

Author: travis-bauer

.github/workflows/ci-cd.yml

@@ -136,7 +136,7 @@ jobs:
     - name: Run container security scan with Trivy
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: ${{ fromJSON(steps.meta.outputs.tags)[0] }}
+        image-ref: ${{ steps.meta.outputs.tags }}
         format: 'sarif'
         output: 'trivy-results.sarif'
 

test-workflow.yml

@@ -0,0 +1,20 @@
+name: Test Metadata Tags
+on: workflow_dispatch
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ghcr.io/test/repo
+        tags: |
+          type=ref,event=branch
+          type=sha,prefix={{branch}}-
+    
+    - name: Show tags
+      run: |
+        echo "Tags: ${{ steps.meta.outputs.tags }}"
+        echo "First tag would be used by Trivy"