Merge branch 'main' into feat/add-trivy

puehringer · web-flow · commit a6d6a87bab41 · 2025-05-08T22:09:59.000+02:00
diff --git a/.github/workflows/build-docker-artifacts.yml b/.github/workflows/build-docker-artifacts.yml
@@ -266,7 +266,7 @@ jobs:
         run: docker logout ${{ steps.login-ecr.outputs.registry }}
 
       - name: Scan image
-        if: ${{ inputs.skip_image_scan != true && fromJson(vars.SKIP_IMAGE_SCAN) != true && matrix.component.skip_image_scan != true }}
+        if: ${{ inputs.skip_image_scan != true && fromJson(vars.SKIP_IMAGE_SCAN || 'false') != true && matrix.component.skip_image_scan != true }}
         id: get-ecr-scan-result
         uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result
         with:
@@ -276,7 +276,7 @@ jobs:
           ecr_repository: ${{ matrix.component.ecr_repository }}
           image_tag: ${{ matrix.component.image_tag }}
       - name: Check scan results
-        if: ${{ inputs.skip_image_scan != true && fromJson(vars.SKIP_IMAGE_SCAN) != true && matrix.component.skip_image_scan != true }}
+        if: ${{ inputs.skip_image_scan != true && fromJson(vars.SKIP_IMAGE_SCAN || 'false') != true && matrix.component.skip_image_scan != true }}
         run: |
           if [ "${{ steps.get-ecr-scan-result.outputs.critical }}" != "null" ] || [ "${{ steps.get-ecr-scan-result.outputs.high }}" != "null" ]; then
             echo "Docker image contains vulnerabilities at critical or high level"
diff --git a/.github/workflows/build-product.yml b/.github/workflows/build-product.yml
@@ -2,6 +2,11 @@ name: build-product
 
 on:
   workflow_call:
+    inputs:
+      runs_on:
+        type: string
+        required: false
+        default: "ubuntu-22.04"
     secrets:
       DATAVISYN_BOT_REPO_TOKEN:
         required: false
@@ -97,6 +102,7 @@ jobs:
       image_tag2: ${{ needs.prepare-build.outputs.image_tag2 }}
       build_time: ${{ needs.prepare-build.outputs.build_time }}
       stage: ${{ needs.prepare-build.outputs.stage }}
+      runs_on: ${{ inputs.runs_on }}
     secrets: inherit
   build-workspace:
     needs: prepare-build
diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml
@@ -46,6 +46,10 @@ on:
           type: number
           required: false
           default: 60
+        runs_on:
+          type: string
+          required: false
+          default: "ubuntu-22.04"
 env:
   TIME_ZONE: "Europe/Vienna"
   NODE_VERSION: "20.9"
@@ -62,7 +66,7 @@ permissions:
 jobs:
   build-components:
     timeout-minutes: ${{ fromJSON(inputs.timeout) }}
-    runs-on: ubuntu-22.04
+    runs-on: ${{ inputs.runs_on || 'ubuntu-22.04' }}
     steps:
       - name: Remove unnecessary files
         run: |
@@ -264,7 +268,7 @@ jobs:
             org.opencontainers.image.created=${{ inputs.build_time }}
             org.opencontainers.image.revision=${{ github.sha }}
       - name: scan image
-        if: ${{ steps.get-parameters.outputs.skip_image_check != 'true' }}
+        if: ${{ fromJson(vars.SKIP_IMAGE_SCAN || 'false') != true && steps.get-parameters.outputs.skip_image_check != 'true' }}
         id: get-ecr-scan-result
         uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result
         with:
