From b6f7fbf4cd5b523db315bbfe4c8ee34483823e88 Mon Sep 17 00:00:00 2001 From: spwoodcock Date: Tue, 12 Nov 2024 17:59:48 +0000 Subject: [PATCH] feat: add skip_cve option to img_build workflow --- .github/workflows/image_build.yml | 9 +++++++-- .github/workflows/image_build_multi.yml | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/image_build.yml b/.github/workflows/image_build.yml index 2f24c14..c74d42f 100644 --- a/.github/workflows/image_build.yml +++ b/.github/workflows/image_build.yml @@ -61,6 +61,12 @@ on: required: false type: boolean default: true + skip_cve: + description: "Skip specific CVE from checkcov (override rules)." + required: false + type: string + # Skip mandatory user creation, allow ROOT usage + default: "CKV_DOCKER_8,CKV_DOCKER_2,CKV_DOCKER_3,CKV_DOCKER_5" outputs: image_name: description: "The final full image reference." @@ -120,8 +126,7 @@ jobs: file: ${{ inputs.context }}/${{ inputs.dockerfile }} # only run on file dockerfile_path: ${{ inputs.context }}/${{ inputs.dockerfile }} quiet: true # show only failed checks - skip_check: CKV_DOCKER_8,CKV_DOCKER_2,CKV_DOCKER_3,CKV_DOCKER_5 - # Skip mandatory user creation, allow ROOT usage + skip_check: ${{ inputs.skip_cve }} - name: Log in to the Container registry uses: docker/login-action@v3 diff --git a/.github/workflows/image_build_multi.yml b/.github/workflows/image_build_multi.yml index b6238cd..82502b7 100644 --- a/.github/workflows/image_build_multi.yml +++ b/.github/workflows/image_build_multi.yml @@ -56,6 +56,12 @@ on: required: false type: boolean default: true + skip_cve: + description: "Skip specific CVE from checkcov (override rules)." + required: false + type: string + # Skip mandatory user creation, allow ROOT usage + default: "CKV_DOCKER_8,CKV_DOCKER_2,CKV_DOCKER_3,CKV_DOCKER_5" outputs: image_name: description: "The final full image reference." 
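Review bot: The new `skip_cve` input in image_build.yml takes Checkov check IDs (`CKV_DOCKER_*`), not CVE identifiers, and its description misspells the tool as "checkcov", so a caller could read it as a way to suppress vulnerability findings. Consider `description: "Comma-separated Checkov check IDs to skip; replaces the default list."`, because a caller who passes a single ID replaces the default and silently re-enables the four checks it lists. The comment above `default:` only explains the root-user skips. CKV_DOCKER_2 and CKV_DOCKER_5 (as far as I recall, the HEALTHCHECK and bare-update checks) are suppressed with no stated reason, and each skipped ID deserves a one-line justification. The same input, with the same wording, is added to image_build_multi.yml.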
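Review bot: With `skip_check: ${{ inputs.skip_cve }}`, the caller now decides which Dockerfile policy checks are suppressed. Because `quiet: true` on the same step presumably limits output to failed checks, a caller that skips extra checks leaves no trace in the run. A small step that writes the effective list to the job summary would keep suppressions auditable. Pass the input through `env:` rather than expanding `${{ }}` inside `run:`, so the caller-controlled string is never parsed as shell. The enclosing step starts above this hunk, and the same change is made to the scan step in image_build_multi.yml.

```yaml
# … unchanged: the scan step that receives skip_check …
- name: Record skipped Checkov checks
  env:
    SKIPPED_CHECKS: ${{ inputs.skip_cve }}
  run: |
    echo "Checkov checks skipped for this build: ${SKIPPED_CHECKS}" >> "$GITHUB_STEP_SUMMARY"
```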
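Review bot: The default skip list in image_build_multi.yml is a second copy of the string in image_build.yml, so the two workflows can drift apart when one baseline is tightened and the other is forgotten. A comment above `default:` such as `# Keep in sync with image_build.yml` would make the coupling visible to whoever edits either file.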
@@ -78,8 +84,7 @@ jobs: file: ${{ inputs.context }}/${{ inputs.dockerfile }} # only run on file dockerfile_path: ${{ inputs.context }}/${{ inputs.dockerfile }} quiet: true # show only failed checks - skip_check: CKV_DOCKER_8,CKV_DOCKER_2,CKV_DOCKER_3,CKV_DOCKER_5 - # Skip mandatory user creation, allow ROOT usage + skip_check: ${{ inputs.skip_cve }} build-images: runs-on: ubuntu-latest