From ce4642545b97c019bfe108816d1c9d64614b7c15 Mon Sep 17 00:00:00 2001
From: jamesthompson26-nhs
Date: Tue, 13 Jan 2026 13:17:44 +0000
Subject: [PATCH] CCM-13883: Trivy Optimisation
---
 .github/actions/trivy-iac/action.yaml | 3 ++-
 .github/actions/trivy-package/action.yaml | 3 ++-
 .github/actions/trivy/action.yaml | 17 -----------------
 .github/workflows/stage-1-commit.yaml | 4 ----
 4 files changed, 4 insertions(+), 23 deletions(-)
 delete mode 100644 .github/actions/trivy/action.yaml
diff --git a/.github/actions/trivy-iac/action.yaml b/.github/actions/trivy-iac/action.yaml
index 583f9356..d3134a67 100644
--- a/.github/actions/trivy-iac/action.yaml
+++ b/.github/actions/trivy-iac/action.yaml
@@ -8,7 +8,8 @@ runs:
 run: |
 components_exit_code=0
 modules_exit_code=0
-
+ asdf plugin add trivy || true
+ asdf install trivy || true
 ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/components || components_exit_code=$?
 ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/modules || modules_exit_code=$?
diff --git a/.github/actions/trivy-package/action.yaml b/.github/actions/trivy-package/action.yaml
index d6ee4a3f..783948e6 100644
--- a/.github/actions/trivy-package/action.yaml
+++ b/.github/actions/trivy-package/action.yaml
@@ -7,7 +7,8 @@ runs:
 shell: bash
 run: |
 exit_code=0
-
+ asdf plugin add trivy || true
+ asdf install trivy || true
 ./scripts/terraform/trivy-scan.sh --mode package . || exit_code=$?
 if [ $exit_code -ne 0 ]; then
diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml
deleted file mode 100644
index be940ce5..00000000
--- a/.github/actions/trivy/action.yaml
+++ /dev/null
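Review bot: The `|| true` suffix on both added lines, `asdf plugin add trivy || true` and `asdf install trivy || true`, turns a failed toolchain install into a silent no-op, so when trivy is missing the following `./scripts/terraform/trivy-scan.sh` call fails for an unrelated reason and the step reports that as a scan failure rather than a setup failure; the trivy-package hunk adds the same two lines with the same problem. The guard is presumably there because `plugin add` exits non-zero when the plugin is already registered, so tolerate only that case and let a real install failure stop the job: `asdf plugin list | grep -qx trivy || asdf plugin add trivy`, `asdf install trivy`, `command -v trivy >/dev/null`. Separately, `asdf plugin add trivy` with no repository argument resolves the plugin through asdf's shortname index at whatever that repository's current HEAD is, so the scanner's install logic is unpinned even where the trivy version itself is pinned in `.tool-versions`; consider passing the plugin repository explicitly and confirming a trivy version is recorded there. The enclosing `run:` step continues outside the hunk.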
@@ -1,17 +0,0 @@
-name: "Trivy Scan"
-runs:
- using: "composite"
- steps:
- - name: "Trivy Terraform IAC Scan"
- shell: bash
- run: |
- components_exit_code=0
- modules_exit_code=0
-
- ./scripts/terraform/trivy.sh ./infrastructure/terraform/components || components_exit_code=$?
- ./scripts/terraform/trivy.sh ./infrastructure/terraform/modules || modules_exit_code=$?
-
- if [ $components_exit_code -ne 0 ] || [ $modules_exit_code -ne 0 ]; then
- echo "Trivy misconfigurations detected."
- exit 1
- fi
diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml
index 70e360cc..dd1e8d40 100644
--- a/.github/workflows/stage-1-commit.yaml
+++ b/.github/workflows/stage-1-commit.yaml
@@ -181,8 +181,6 @@ jobs:
 uses: actions/checkout@v4
 - name: "Setup ASDF"
 uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
- - name: "Perform Setup"
- uses: ./.github/actions/setup
 - name: "Trivy IaC Scan"
 uses: ./.github/actions/trivy-iac
 trivy-package:
@@ -197,8 +195,6 @@ jobs:
 uses: actions/checkout@v4
 - name: "Setup ASDF"
 uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
- - name: "Perform Setup"
- uses: ./.github/actions/setup
 - name: "Trivy Package Scan"
 uses: ./.github/actions/trivy-package
 count-lines-of-code:
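Review bot: Removing the `Perform Setup` step leaves the trivy-iac job with only `Setup ASDF` before `./.github/actions/trivy-iac` runs, so anything `./scripts/terraform/trivy-scan.sh` needs beyond the trivy binary would no longer be provisioned; that script is not in this diff, so this should be confirmed rather than assumed. The trivy-package hunk below makes the same removal and has the same question. If the script needs only trivy, a comment on the `Trivy IaC Scan` step such as `# trivy is installed by the composite action itself; the shared setup action is not needed here` would record why this job skips the shared setup. The jobs' definitions start before the hunks.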