Add trivy stuff to individual build workflows

puehringer · web-flow · commit 891a2e20a9cd · 2025-10-30T15:54:03.000+01:00
diff --git a/.github/workflows/build-node.yml b/.github/workflows/build-node.yml
@@ -7,6 +7,15 @@ on:
         type: string
         required: false
         default: ${{ github.ref || github.head_ref }}
+      trivy_enable:
+        description: "Enable trivy scans on lock files"
+        default: false  # Enable this by default?
+        type: boolean
+        required: false
+      trivy_severity:
+        description: "Severity for the trivy scans"
+        type: string
+        required: false
       chromatic_enable:
         description: 'Enable Chromatic tests'
         required: false
@@ -69,6 +78,8 @@ jobs:
         with:
           enable_node: true
           enable_python: false
+          trivy_enable: ${{ inputs.trivy_enable }}
+          trivy_severity: ${{ inputs.trivy_severity }}
           node_version: ${{ vars.NODE_VERSION || inputs.node_version }}
           npm_registry: ${{ vars.NPM_REGISTRY }}
           github_ro_token: ${{ github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token  }}
diff --git a/.github/workflows/build-python.yml b/.github/workflows/build-python.yml
@@ -7,6 +7,15 @@ on:
         type: string
         required: false
         default: ${{ github.ref || github.head_ref }}
+      trivy_enable:
+        description: "Enable trivy scans on lock files"
+        default: false  # Enable this by default?
+        type: boolean
+        required: false
+      trivy_severity:
+        description: "Severity for the trivy scans"
+        type: string
+        required: false
       runs_on:
         type: string
         required: false
@@ -56,6 +65,8 @@ jobs:
         with:
           enable_node: false
           enable_python: true
+          trivy_enable: ${{ inputs.trivy_enable }}
+          trivy_severity: ${{ inputs.trivy_severity }}
           github_ro_token: ${{ github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token  }}
           python_version: ${{ vars.PYTHON_VERSION || inputs.python_version }}
           enable_python_cache: ${{ inputs.runs_on != 'self-hosted' }}
