[CI] Do not run Trivy scan by default (1.0.x branch)

To get around recent TOOMANYREQUESTS from Trivy during DB download,
this commit does the following:

- removes the scan from ci-pr.yml altogether
- makes scan optional (default false) for ci.yml

Author: onobc

.github/workflows/ci-pr.yml

@@ -99,14 +99,9 @@ jobs:
               -PspringPulsarVersion="$VERSION" \
               -PspringBootVersion="$BOOT_VERSION" \
               :runAllSampleTests
-  scan:
-    needs: [prerequisites]
-    if: needs.prerequisites.outputs.runjobs
-    uses: ./.github/workflows/trivy-scan.yml
-
   done:
     runs-on: ubuntu-latest
-    needs: [ build_and_verify, check_samples, scan ]
+    needs: [ build_and_verify, check_samples ]
     steps:
       - name: 'Done'
         shell: bash

.github/workflows/ci.yml

@@ -7,6 +7,12 @@ on:
     paths-ignore:
       - '.github/**'
   workflow_dispatch:
+    inputs:
+      run-trivy-scan:
+        description: 'Run Trivy scan ?'
+        default: false
+        required: false
+        type: boolean
 
 env:
   GCHAT_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_GCHAT_WEBHOOK_URL }}
@@ -89,7 +95,7 @@ jobs:
               :runAllSampleTests
   scan:
     needs: [prerequisites]
-    if: needs.prerequisites.outputs.runjobs
+    if: ${{ needs.prerequisites.outputs.runjobs && inputs.run-trivy-scan }}
     uses: ./.github/workflows/trivy-scan.yml
   deploy_artifacts:
     name: Deploy Artifacts (1.0.x)