From c8fa7fd543dff74e7253956431978e32ef2d9d3e Mon Sep 17 00:00:00 2001
From: Seth Simmons
Date: Tue, 13 Jul 2021 19:45:44 +0000
Subject: [PATCH] Only run Trivy against Dockerfile changes

As the Trivy run is scheduled via cron, we should only run in addition to that if the Dockerfile itself is changed.
---
 .github/workflows/trivy-analysis.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml
index 374c6eb..4e1de57 100644
--- a/.github/workflows/trivy-analysis.yml
+++ b/.github/workflows/trivy-analysis.yml
@@ -2,10 +2,11 @@ name: Build and scan container for vulnerabilities with Trivy
 on:
 push:
- branches: [ main ]
+ paths:
+ - 'Dockerfile'
 pull_request:
- # The branches below must be a subset of the branches above
- branches: [ main ]
+ paths:
+ - 'Dockerfile'
 schedule:
 - cron: '22 14 * * 0'
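Review bot: The `paths: - 'Dockerfile'` filter on `push` and `pull_request` matches only the root-level Dockerfile, so a change to anything else that ends up in the image (files the Dockerfile copies in, dependency manifests) or to this workflow itself is not scanned before merge and waits for the weekly cron run. The Dockerfile is not visible here, so which build inputs matter is an assumption to confirm; at minimum I would add `- '.github/workflows/trivy-analysis.yml'` to both `paths` lists. Dropping `branches: [ main ]` also means `push` now fires on every branch, so a same-repository pull request that touches the Dockerfile runs the scan twice; keeping `branches: [ main ]` next to `paths` under `push` avoids that. If this job is configured as a required status check, a run skipped by the path filter leaves the check pending, which is worth verifying before merging.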