Add trivy_enable to workflow

puehringer · web-flow · commit db0acae03e8d · 2025-10-30T15:22:29.000+01:00
diff --git a/.github/actions/build-node-python/action.yml b/.github/actions/build-node-python/action.yml
@@ -59,7 +59,7 @@ inputs:
     description: "run node bundle"
     default: "false"
     required: false
-  enable_trivy:
+  trivy_enable:
     description: "Enable trivy scans on lock files"
     default: "false"  # Enable this by default?
     required: false
@@ -293,7 +293,7 @@ runs:
 
     # Trivy
     - name: Run Trivy vulnerability scanner on uv.lock
-      if: inputs.enable_trivy == 'true' && inputs.enable_python == 'true'
+      if: inputs.trivy_enable == 'true' && inputs.enable_python == 'true'
       uses: aquasecurity/trivy-action@0.33.1
       with:
         scan-type: "fs"
@@ -307,7 +307,7 @@ runs:
         cache: "false"
       continue-on-error: false
     - name: Run Trivy vulnerability scanner on yarn.lock
-      if: inputs.enable_trivy == 'true' && inputs.enable_node == 'true'
+      if: inputs.trivy_enable == 'true' && inputs.enable_node == 'true'
       uses: aquasecurity/trivy-action@0.33.1
       with:
         scan-type: "fs"
diff --git a/.github/workflows/build-node-python.yml b/.github/workflows/build-node-python.yml
@@ -74,6 +74,11 @@ on:
         required: false
         description: Unique id per workflow run. Must be set to unique value if dispatched multiple times for a single workflow.
         default: ""
+      trivy_enable:
+        description: "Enable trivy scans on lock files"
+        default: false  # Enable this by default?
+        type: boolean
+        required: false
       chromatic_enable:
         description: 'Enable Chromatic tests'
         required: false
@@ -151,6 +156,7 @@ jobs:
           enable_python: false
           # We probably won't need Rust on Node builds...
           # enable_rust: ${{ inputs.rust_enable }}
+          trivy_enable: ${{ inputs.trivy_enable }}
           run_parallel: ${{ inputs.run_parallel }}
           node_version: ${{ vars.NODE_VERSION || inputs.node_version }}
           npm_registry: ${{ vars.NPM_REGISTRY }}
@@ -191,6 +197,7 @@ jobs:
         with:
           enable_node: false
           enable_python: true
+          trivy_enable: ${{ inputs.trivy_enable }}
           enable_rust: ${{ inputs.rust_enable }}
           run_parallel: ${{ inputs.run_parallel }}
           node_version: ${{ vars.NODE_VERSION || inputs.node_version }}
@@ -282,6 +289,7 @@ jobs:
       - name: Build node and python
         uses: ./tmp/github-workflows/.github/actions/build-node-python
         with:
+          trivy_enable: ${{ inputs.trivy_enable }}
           enable_rust: ${{ inputs.rust_enable }}
           run_parallel: ${{ inputs.run_parallel }}
           node_version: ${{ vars.NODE_VERSION || inputs.node_version }}
@@ -425,6 +433,7 @@ jobs:
       - name: Build node and python
         uses: ./tmp/github-workflows/.github/actions/build-node-python
         with:
+          trivy_enable: ${{ inputs.trivy_enable }}
           enable_rust: ${{ inputs.rust_enable }}
           run_parallel: ${{ inputs.run_parallel }}
           node_version: ${{ vars.NODE_VERSION || inputs.node_version }}
