From 80a92e99d98e255c6c03491efe5beb1215292274 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?=
Date: Fri, 26 Jul 2024 11:50:52 +0200
Subject: [PATCH] fix: allow disable trivy scans for all workflows
---
 .github/workflows/use-ks-gh-preproduction.yaml | 11 ++++++++---
 .github/workflows/use-ks-gh-review-auto.yaml | 10 ++++++++--
 .github/workflows/use-ks-gh-review.yaml | 10 ++++++++--
 .../workflows/use-ks-gh-with-env-preproduction.yaml | 11 ++++++++---
 .github/workflows/use-ks-gh-with-env-production.yaml | 10 ++++++++--
 .github/workflows/use-ks-gh-with-env-review-auto.yaml | 10 ++++++++--
 .github/workflows/use-ks-gh-with-env-review.yaml | 10 ++++++++--
 .github/workflows/use-ks-wh-preproduction.yaml | 10 ++++++++--
 .github/workflows/use-ks-wh-production.yaml | 10 ++++++++--
 .github/workflows/use-ks-wh-review-auto.yaml | 10 ++++++++--
 .github/workflows/use-ks-wh-review.yaml | 10 ++++++++--
 11 files changed, 88 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/use-ks-gh-preproduction.yaml b/.github/workflows/use-ks-gh-preproduction.yaml
index 0befa1a..c43fb0c 100644
--- a/.github/workflows/use-ks-gh-preproduction.yaml
+++ b/.github/workflows/use-ks-gh-preproduction.yaml
@@ -14,7 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
-
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
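Review bot: The new `disableTrivyScans` input in use-ks-gh-preproduction.yaml is declared without a `default` or a `description`, so a caller reading the workflow cannot tell that leaving it out keeps the scan enabled. Assuming these are `workflow_call` inputs, an unset boolean evaluates to false and the behaviour is correct today, but the secure default should be stated: add `default: false` and `description: Skip the Trivy vulnerability scan job (scans run when unset)`. The same three-line declaration is repeated in the other ten workflow files of this patch. This hunk also appears to drop the blank line before `jobs:`, a whitespace change that only this file and use-ks-gh-with-env-preproduction.yaml receive.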
@@ -53,14 +55,17 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-gh-review-auto.yaml b/.github/workflows/use-ks-gh-review-auto.yaml
index 350e67d..b3c07d7 100644
--- a/.github/workflows/use-ks-gh-review-auto.yaml
+++ b/.github/workflows/use-ks-gh-review-auto.yaml
@@ -14,6 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -52,13 +55,16 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
+ if: ${{ ! inputs.disableTrivyScans }}
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
diff --git a/.github/workflows/use-ks-gh-review.yaml b/.github/workflows/use-ks-gh-review.yaml
index c08bbc7..870553e 100644
--- a/.github/workflows/use-ks-gh-review.yaml
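Review bot: The `if: ${{ ! inputs.disableTrivyScans }}` gate on the `trivy` job of use-ks-gh-preproduction.yaml leaves no trace when a caller turns scanning off, because the job is only reported as skipped. The same switch is added to the production workflows (use-ks-gh-with-env-production.yaml, use-ks-wh-production.yaml) as well as the review and preproduction ones. Consider recording the opt-out, for example with a small companion job guarded by `if: ${{ inputs.disableTrivyScans }}` that runs `echo "::warning::Trivy scans disabled by caller"`, or leave the input out of the production workflows if scans there are meant to be mandatory. The position of the `if:` line also varies between files (after `runs-on` here, before it in use-ks-gh-review-auto.yaml and others); a single position would make the eleven copies easier to compare. The `trivy` job continues outside the hunk.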
+++ b/.github/workflows/use-ks-gh-review.yaml
@@ -14,6 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -52,14 +55,17 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-gh-with-env-preproduction.yaml b/.github/workflows/use-ks-gh-with-env-preproduction.yaml
index 9b3b1e1..3d29921 100644
--- a/.github/workflows/use-ks-gh-with-env-preproduction.yaml
+++ b/.github/workflows/use-ks-gh-with-env-preproduction.yaml
@@ -14,7 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
-
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -54,8 +56,10 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 github-env-enabled: true
@@ -63,6 +67,7 @@ jobs:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-gh-with-env-production.yaml b/.github/workflows/use-ks-gh-with-env-production.yaml
index 85e5185..0a9b15f 100644
--- a/.github/workflows/use-ks-gh-with-env-production.yaml
+++ b/.github/workflows/use-ks-gh-with-env-production.yaml
@@ -14,6 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -53,14 +56,17 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 github-env-enabled: true
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
+ if: ${{ ! inputs.disableTrivyScans }}
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
diff --git a/.github/workflows/use-ks-gh-with-env-review-auto.yaml b/.github/workflows/use-ks-gh-with-env-review-auto.yaml
index 62ab096..dae7367 100644
--- a/.github/workflows/use-ks-gh-with-env-review-auto.yaml
+++ b/.github/workflows/use-ks-gh-with-env-review-auto.yaml
@@ -14,6 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -53,8 +56,10 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 github-env-enabled: true
@@ -62,6 +67,7 @@ jobs:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-gh-with-env-review.yaml b/.github/workflows/use-ks-gh-with-env-review.yaml
index 3686854..bfcf089 100644
--- a/.github/workflows/use-ks-gh-with-env-review.yaml
+++ b/.github/workflows/use-ks-gh-with-env-review.yaml
@@ -14,6 +14,9 @@ on:
 kubeconfigContext:
 required: false
 type: string
+ disableTrivyScans:
+ required: false
+ type: boolean
 jobs:
 deploy:
@@ -53,8 +56,10 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 provider: ${{ steps.deployment.outputs.provider }}
 github-env-enabled: true
@@ -62,6 +67,7 @@ jobs:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-wh-preproduction.yaml b/.github/workflows/use-ks-wh-preproduction.yaml
index eba42fd..bf2c6de 100644
--- a/.github/workflows/use-ks-wh-preproduction.yaml
+++ b/.github/workflows/use-ks-wh-preproduction.yaml
@@ -8,6 +8,9 @@ on:
 required: false
 type: boolean
 default: true
+ disableTrivyScans:
+ required: false
+ type: boolean
 secrets:
 KUBEWEBHOOK_TOKEN:
 required: true
@@ -45,12 +48,15 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
+ if: ${{ ! inputs.disableTrivyScans }}
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
diff --git a/.github/workflows/use-ks-wh-production.yaml b/.github/workflows/use-ks-wh-production.yaml
index 3985a5a..4e5528f 100644
--- a/.github/workflows/use-ks-wh-production.yaml
+++ b/.github/workflows/use-ks-wh-production.yaml
@@ -8,6 +8,9 @@ on:
 required: false
 type: boolean
 default: true
+ disableTrivyScans:
+ required: false
+ type: boolean
 secrets:
 KUBEWEBHOOK_TOKEN:
 required: true
@@ -45,13 +48,16 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-wh-review-auto.yaml b/.github/workflows/use-ks-wh-review-auto.yaml
index c82fddd..aa8900c 100644
--- a/.github/workflows/use-ks-wh-review-auto.yaml
+++ b/.github/workflows/use-ks-wh-review-auto.yaml
@@ -8,6 +8,9 @@ on:
 required: false
 type: boolean
 default: true
+ disableTrivyScans:
+ required: false
+ type: boolean
 secrets:
 KUBEWEBHOOK_TOKEN:
 required: true
@@ -45,13 +48,16 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
 runs-on: ubuntu-latest
+ if: ${{ ! inputs.disableTrivyScans }}
 strategy:
 fail-fast: false
 max-parallel: 3
diff --git a/.github/workflows/use-ks-wh-review.yaml b/.github/workflows/use-ks-wh-review.yaml
index 3d733db..e7a0d14 100644
--- a/.github/workflows/use-ks-wh-review.yaml
+++ b/.github/workflows/use-ks-wh-review.yaml
@@ -8,6 +8,9 @@ on:
 required: false
 type: boolean
 default: true
+ disableTrivyScans:
+ required: false
+ type: boolean
 secrets:
 KUBEWEBHOOK_TOKEN:
 required: true
@@ -45,12 +48,15 @@ jobs:
 pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
 token: ${{ secrets.GITHUB_TOKEN }}
 deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
- deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
- deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
+ deployment-name:
+ ${{ steps.deployment-starting.outputs.deployment-name }}
+ deployment-ok:
+ ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
 trivy:
 name: 🕵️ Trivy vulnerability scanner
 needs: [deploy]
+ if: ${{ ! inputs.disableTrivyScans }}
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false