From e178b5bcff26665b5bfcc5baae62473df51b3823 Mon Sep 17 00:00:00 2001
From: saville <saville@adobe.com>
Date: Mon, 7 Oct 2024 15:51:07 -0600
Subject: [PATCH] Make sure to explicitly set cache-dir just in case

---
 buildrunner/steprunner/tasks/push.py |  5 ++++-
 tests/test_push_security_scan.py     | 12 ++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/buildrunner/steprunner/tasks/push.py b/buildrunner/steprunner/tasks/push.py
index 8afba65b..0b92853f 100644
--- a/buildrunner/steprunner/tasks/push.py
+++ b/buildrunner/steprunner/tasks/push.py
@@ -254,7 +254,10 @@ def _security_scan_trivy(
             with open(
                 os.path.join(local_run_dir, config_file_name), "w", encoding="utf8"
             ) as fobj:
-                yaml.safe_dump(security_scan_config.config, fobj)
+                yaml.safe_dump(
+                    {"cache-dir": container_cache_dir, **security_scan_config.config},
+                    fobj,
+                )
 
             image_scanner = None
             try:
diff --git a/tests/test_push_security_scan.py b/tests/test_push_security_scan.py
index 8570b4e4..cc1a40bd 100644
--- a/tests/test_push_security_scan.py
+++ b/tests/test_push_security_scan.py
@@ -353,14 +353,10 @@ def _call_run(command, **kwargs):
         "config.yaml",
         "results.json",
     }
-    assert (
-        yaml.safe_load((run_path / "config.yaml").read_text())
-        == security_scan_config.config
-    )
-    assert (
-        yaml.safe_load((run_path / "config.yaml").read_text())
-        == security_scan_config.config
-    )
+    assert yaml.safe_load((run_path / "config.yaml").read_text()) == {
+        "cache-dir": "/root/.cache/trivy",
+        **security_scan_config.config,
+    }
 
     docker_runner_mock.ImageConfig.assert_called_once_with(
         "registry1/aquasec/trivy:latest",