Cache path not working on v5

[aszenz]

As per docs on master:

To speed up security checks, you can cache the vulnerability database:
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
id: cache-db
with:
path: ~/.symfony/cache
key: db
- uses: symfonycorp/security-checker-action@v4

Using the @v5 version i get this in logs when running the post run cache action:

Warning: Path Validation Error: Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved.

Does @v5 (symfony-cli) use the same cache or a different path?

Also relates to #10

[spaze]

It seems that the cache file is created in /tmp (as returned by os.TempDir()):
https://github.com/symfony-cli/symfony-cli/blob/095d4b666113f80709fa539b5be96f325294d050/commands/local_check_security.go#L40-L47
(first line sets the cache-dir param default, the last line of that snippet uses it in security.NewDB(...)) but probably because v5 of the action now uses the Symfony image #9, the tempdir and the cache file inside that dir is inaccessible from the action inside the container.

When running the CLI tool locally, I get the file in /tmp/php_sec_db.json as created by local-php-security-checker, see https://github.com/fabpot/local-php-security-checker/blob/cbd9425bb8d853e7735fab277f8fba9d2aacff83/security/advisories.go#L71 but no file when running this action.

I see 2 ways forward:

1. Remove the cache info from README (basically revert 9bf76f8)
2. Update the container to have a temp dir accessible outside Docker and use the same dir in --cache-dir when calling the Symfony CLI tool, and then the same dir in actions/cache. RUNNER_TEMP env var may be handy, but maybe it's not, not a GitHub Actions expert unfortunately