refactor: download release image and scan .tar

Author: jsjoeio

.github/workflows/ci.yaml

@@ -409,18 +409,12 @@ jobs:
 
   trivy-scan:
     runs-on: ubuntu-20.04
-    needs: package-linux-amd64
+    needs: docker-amd64
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      - name: Download release package
-        uses: actions/download-artifact@v2
-        with:
-          name: release-packages
-          path: ./release-packages
-
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:
@@ -432,10 +426,16 @@ jobs:
           output: "trivy-repo-results.sarif"
           severity: "CRITICAL"
 
+      - name: Download release images
+        uses: actions/download-artifact@v2
+        with:
+          name: release-images
+          path: ./release-images
+
       - name: Run Trivy vulnerability scanner in image mode
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "codercom/code-server:${{ github.sha }}"
+          input: "./release-images/*.tar"
           scan-type: "image"
           ignore-unfixed: true
           format: "template"