From dcfee5ae3256960539d4d5fa7de1c32104f17b1b Mon Sep 17 00:00:00 2001
From: Antony Messerli <antony@mes.ser.li>
Date: Sun, 15 Mar 2026 14:50:17 -0500
Subject: [PATCH] Fix Trivy arm64 scan: set TRIVY_PLATFORM to match image
 architecture

Trivy defaults to linux/amd64 when resolving remote image digests.
On the arm64 build job, the pushed digest is a single-platform arm64
image, so Trivy fails with 'no child with platform linux/amd64'.
Setting TRIVY_PLATFORM=linux/arm64 resolves this.
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8a8921a..b00d9b0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -187,6 +187,8 @@ jobs:
 
     - name: Run Trivy vulnerability scanner (arm64)
       uses: aquasecurity/trivy-action@0.33.1
+      env:
+        TRIVY_PLATFORM: linux/arm64
       with:
         image-ref: 'ghcr.io/netbootxyz/netbootxyz@${{ steps.build.outputs.digest }}'
         version: 'v0.69.3'