fix: remove unsupported public ECR lifecycle policies (#507)

Remove the ECR lifecycle policies as they are not supported for
public ECRs.

Disable the Trivy Java DB sync since there is currently a bug with
the published artifact and it cannot be pushed to the public ECR.

.github/workflows/trivy-db-refresh.yml

@@ -30,10 +30,9 @@ jobs:
         with:
           registry-type: public
 
-      - name: Refresh Trivy Databases
+      - name: Refresh Trivy Database
         run: |
           ./bin/generate_sbom/trivy_db_refresh.sh trivy-db:latest ${{ vars.TRIVY_DB_REPOSITORY }}
-          ./bin/generate_sbom/trivy_db_refresh.sh trivy-java-db:1 ${{ vars.TRIVY_JAVA_DB_REPOSITORY }}
 
       - name: Logout of Amazon ECR
         run: docker logout ${{ steps.login-ecr.outputs.registry }}

terragrunt/aws/generate_sbom/ecr.tf

@@ -66,28 +66,3 @@ resource "aws_ecrpublic_repository_policy" "generate_sbom_trivy_java_db" {
   repository_name = aws_ecrpublic_repository.generate_sbom_trivy_java_db.repository_name
   policy          = sensitive(data.aws_iam_policy_document.sbom_public_policy_document.json)
 }
-
-#
-# Policy to expire untagged images
-#
-resource "aws_ecr_lifecycle_policy" "generate_sbom_trivy_db" {
-  provider   = aws.us-east-1
-  repository = aws_ecrpublic_repository.generate_sbom_trivy_db.repository_name
-  policy     = file("${path.module}/policy/lifecycle.json")
-}
-
-resource "aws_ecr_lifecycle_policy" "generate_sbom_trivy_java_db" {
-  provider   = aws.us-east-1
-  repository = aws_ecrpublic_repository.generate_sbom_trivy_java_db.repository_name
-  policy     = file("${path.module}/policy/lifecycle.json")
-}
-
-moved {
-  from = aws_ecrpublic_repository.generate_sbom_public
-  to   = aws_ecrpublic_repository.generate_sbom_trivy_db
-}
-
-moved {
-  from = aws_ecrpublic_repository_policy.sbom_public_policy
-  to   = aws_ecrpublic_repository_policy.generate_sbom_trivy_db
-}