(CDPE-7069) Update trivy calls to use cache

This commit reverts the change to remove trivy scans.  In order to avoid
the rate limiting errors that prompted their removal, this commit
switches the trivy scans over to using a local cache of their DB.  That
DB is refreshed daily via a separate workflow.

Author: abottchen

.github/workflows/build-test-push.yml

@@ -29,6 +29,9 @@ jobs:
           vuln-type: os
           timeout: 10m0s
           skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
+        env:
+          TRIVY_SKIP_DB_UPDATE: true
+          TRIVY_SKIP_JAVA_DB_UPDATE: true
       - name: Run tests
         run: cd tests; ./run_tests.sh
       - name: Tag Docker images

.github/workflows/build-test.yml

@@ -28,6 +28,9 @@ jobs:
           vuln-type: os
           timeout: 10m0s
           skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
+        env:
+          TRIVY_SKIP_DB_UPDATE: true
+          TRIVY_SKIP_JAVA_DB_UPDATE: true
       - name: Run tests
         working-directory: ${{ github.workspace }}/tests
         run: ./run_tests.sh

.github/workflows/publish-4x-image.yml

@@ -33,6 +33,9 @@ jobs:
           vuln-type: os
           timeout: 10m0s
           skip-files: "/root/.pdk/cache/ruby/*/gems/aws-sdk-core-*/lib/aws-sdk-ssooidc/client.rb"
+        env:
+          TRIVY_SKIP_DB_UPDATE: true
+          TRIVY_SKIP_JAVA_DB_UPDATE: true
       - name: Publish standard image to 4.x
         env:
           IMAGE_TAG: ${{ github.event.inputs.image_tag }}