From 7053b53b8c14f8bfc24885e1c87f1547b24d658b Mon Sep 17 00:00:00 2001
From: tarunpandey23 <79900831+tarunpandey23@users.noreply.github.com>
Date: Wed, 26 Feb 2025 16:03:23 +0530
Subject: [PATCH] Feat: Update Trivy Scan to Trigger Workflow on Changes to
 .py, .java, and Dockerfile Files (#19963)

* Updated trivy scan for running on changes in .java extension files and Dockerfile

* Updated trivy scan for running on changes in .py extension files and Dockerfile

* Updated paths

---------

Co-authored-by: Tarun <tarun.p@deuexsolutions.com>
---
 .../trivy-scan-ingestion-base-slim-image.yml          |  7 ++-----
 .github/workflows/trivy-scan-ingestion-image.yml      |  7 ++-----
 .github/workflows/trivy-scan-openmetadta-server.yml   | 11 ++---------
 3 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/trivy-scan-ingestion-base-slim-image.yml b/.github/workflows/trivy-scan-ingestion-base-slim-image.yml
index 3805100da05..c40b61dc771 100644
--- a/.github/workflows/trivy-scan-ingestion-base-slim-image.yml
+++ b/.github/workflows/trivy-scan-ingestion-base-slim-image.yml
@@ -4,11 +4,8 @@ on:
     pull_request_target:
         types: [labeled, opened, synchronize, reopened]
         paths:
-          - "ingestion/**"
-          - "openmetadata-service/**"
-          - "openmetadata-spec/src/main/resources/json/schema/**"
-          - "pom.xml"
-          - "Makefile"
+          - "**/*.py"
+          - "ingestion/operators/docker/Dockerfile.ci"
     
 concurrency: 
   group: trivy-ingestion-base-slim-scan-${{ github.head_ref || github.run_id }}
diff --git a/.github/workflows/trivy-scan-ingestion-image.yml b/.github/workflows/trivy-scan-ingestion-image.yml
index 5ac8156bf1a..db3647a9853 100644
--- a/.github/workflows/trivy-scan-ingestion-image.yml
+++ b/.github/workflows/trivy-scan-ingestion-image.yml
@@ -4,11 +4,8 @@ on:
     pull_request_target:
         types: [labeled, opened, synchronize, reopened]
         paths:
-          - "ingestion/**"
-          - "openmetadata-service/**"
-          - "openmetadata-spec/src/main/resources/json/schema/**"
-          - "pom.xml"
-          - "Makefile"
+          - "**/*.py"
+          - "ingestion/Dockerfile.ci"
     
 concurrency: 
   group: trivy-ingestion-scan-${{ github.head_ref || github.run_id }}
diff --git a/.github/workflows/trivy-scan-openmetadta-server.yml b/.github/workflows/trivy-scan-openmetadta-server.yml
index 615a1229555..4f4af72e98e 100644
--- a/.github/workflows/trivy-scan-openmetadta-server.yml
+++ b/.github/workflows/trivy-scan-openmetadta-server.yml
@@ -3,15 +3,8 @@ on:
     pull_request_target:
         types: [labeled, opened, synchronize, reopened]
         paths:
-          - "openmetadata-service/**"
-          - "openmetadata-spec/src/main/resources/json/schema/**"
-          - "openmetadata-dist/**"
-          - "openmetadata-clients/**"
-          - "common/**"
-          - "pom.xml"
-          - "yarn.lock"
-          - "Makefile"
-          - "bootstrap/**"
+          - "**/*.java"
+          - "docker/development/Dockerfile"
 concurrency: 
   group: trivy-server-scan-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true