fix: allow disable trivy scans for all workflows

SocialGouv · Jul 26, 2024 · 80a92e9 · 80a92e9
1 parent 35a3ff1
commit 80a92e9
Show file tree

Hide file tree

Showing 11 changed files with 88 additions and 24 deletions.
diff --git a/.github/workflows/use-ks-gh-preproduction.yaml b/.github/workflows/use-ks-gh-preproduction.yaml
@@ -14,7 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
-
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -53,14 +55,17 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-gh-review-auto.yaml b/.github/workflows/use-ks-gh-review-auto.yaml
@@ -14,6 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -52,13 +55,16 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
+    if: ${{ ! inputs.disableTrivyScans }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

diff --git a/.github/workflows/use-ks-gh-review.yaml b/.github/workflows/use-ks-gh-review.yaml
@@ -14,6 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -52,14 +55,17 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-gh-with-env-preproduction.yaml b/.github/workflows/use-ks-gh-with-env-preproduction.yaml
@@ -14,7 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
-
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -54,15 +56,18 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
           github-env-enabled: true
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-gh-with-env-production.yaml b/.github/workflows/use-ks-gh-with-env-production.yaml
@@ -14,6 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -53,14 +56,17 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
           github-env-enabled: true
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
+    if: ${{ ! inputs.disableTrivyScans }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

diff --git a/.github/workflows/use-ks-gh-with-env-review-auto.yaml b/.github/workflows/use-ks-gh-with-env-review-auto.yaml
@@ -14,6 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -53,15 +56,18 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
           github-env-enabled: true
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-gh-with-env-review.yaml b/.github/workflows/use-ks-gh-with-env-review.yaml
@@ -14,6 +14,9 @@ on:
       kubeconfigContext:
         required: false
         type: string
+      disableTrivyScans:
+        required: false
+        type: boolean
 
 jobs:
   deploy:
@@ -53,15 +56,18 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
           provider: ${{ steps.deployment.outputs.provider }}
           github-env-enabled: true
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-wh-preproduction.yaml b/.github/workflows/use-ks-wh-preproduction.yaml
@@ -8,6 +8,9 @@ on:
         required: false
         type: boolean
         default: true
+      disableTrivyScans:
+        required: false
+        type: boolean
     secrets:
       KUBEWEBHOOK_TOKEN:
         required: true
@@ -45,12 +48,15 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
+    if: ${{ ! inputs.disableTrivyScans }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

diff --git a/.github/workflows/use-ks-wh-production.yaml b/.github/workflows/use-ks-wh-production.yaml
@@ -8,6 +8,9 @@ on:
         required: false
         type: boolean
         default: true
+      disableTrivyScans:
+        required: false
+        type: boolean
     secrets:
       KUBEWEBHOOK_TOKEN:
         required: true
@@ -45,13 +48,16 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-wh-review-auto.yaml b/.github/workflows/use-ks-wh-review-auto.yaml
@@ -8,6 +8,9 @@ on:
         required: false
         type: boolean
         default: true
+      disableTrivyScans:
+        required: false
+        type: boolean
     secrets:
       KUBEWEBHOOK_TOKEN:
         required: true
@@ -45,13 +48,16 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.disableTrivyScans }}
     strategy:
       fail-fast: false
       max-parallel: 3

diff --git a/.github/workflows/use-ks-wh-review.yaml b/.github/workflows/use-ks-wh-review.yaml
@@ -8,6 +8,9 @@ on:
         required: false
         type: boolean
         default: true
+      disableTrivyScans:
+        required: false
+        type: boolean
     secrets:
       KUBEWEBHOOK_TOKEN:
         required: true
@@ -45,12 +48,15 @@ jobs:
           pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           token: ${{ secrets.GITHUB_TOKEN }}
           deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
-          deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
-          deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+          deployment-name:
+            ${{ steps.deployment-starting.outputs.deployment-name }}
+          deployment-ok:
+            ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 
   trivy:
     name: 🕵️ Trivy vulnerability scanner
     needs: [deploy]
+    if: ${{ ! inputs.disableTrivyScans }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false