From f030e7b2442e1afc740eb388cf9d6676038b4611 Mon Sep 17 00:00:00 2001
From: Chris Bono <chris.bono@gmail.com>
Date: Wed, 6 Nov 2024 19:13:50 -0600
Subject: [PATCH] [CI] Do not run Trivy scan by default (1.0.x branch)

To get around recent TOOMANYREQUESTS from Trivy during DB download,
this commit does the following:

- removes the scan from ci-pr.yml altogether
- makes scan optional (default false) for ci.yml
---
 .github/workflows/ci-pr.yml | 7 +------
 .github/workflows/ci.yml    | 8 +++++++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
index 1dcdd67f..9cf768f0 100644
--- a/.github/workflows/ci-pr.yml
+++ b/.github/workflows/ci-pr.yml
@@ -99,14 +99,9 @@ jobs:
               -PspringPulsarVersion="$VERSION" \
               -PspringBootVersion="$BOOT_VERSION" \
               :runAllSampleTests
-  scan:
-    needs: [prerequisites]
-    if: needs.prerequisites.outputs.runjobs
-    uses: ./.github/workflows/trivy-scan.yml
-
   done:
     runs-on: ubuntu-latest
-    needs: [ build_and_verify, check_samples, scan ]
+    needs: [ build_and_verify, check_samples ]
     steps:
       - name: 'Done'
         shell: bash
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0285f618..c255a879 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,12 @@ on:
     paths-ignore:
       - '.github/**'
   workflow_dispatch:
+    inputs:
+      run-trivy-scan:
+        description: 'Run Trivy scan ?'
+        default: false
+        required: false
+        type: boolean
 
 env:
   GCHAT_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_GCHAT_WEBHOOK_URL }}
@@ -89,7 +95,7 @@ jobs:
               :runAllSampleTests
   scan:
     needs: [prerequisites]
-    if: needs.prerequisites.outputs.runjobs
+    if: ${{ needs.prerequisites.outputs.runjobs && inputs.run-trivy-scan }}
     uses: ./.github/workflows/trivy-scan.yml
   deploy_artifacts:
     name: Deploy Artifacts (1.0.x)