feat(security): add docker_build_args input to pr-security-scan workflow #193

Merged: bedatty merged 1 commit into develop from feat/docker-build-args-security-scan on Apr 1, 2026
@bedatty (Contributor) commented Apr 1, 2026

Lerian

GitHub Actions Shared Workflows


Description

Add an optional docker_build_args input to the pr-security-scan workflow and forward it to the docker/build-push-action step. Monorepo projects with a unified Dockerfile that uses ARG parameters (e.g., APP_NAME, COMPONENT_NAME) fail the Docker build during security scanning because the build arguments are never passed through.

Type of Change

  • feat: New workflow or new input/output/step in an existing workflow
  • fix: Bug fix in a workflow (incorrect behavior, broken step, wrong condition)
  • perf: Performance improvement (e.g. caching, parallelism, reduced steps)
  • refactor: Internal restructuring with no behavior change
  • docs: Documentation only (README, docs/, inline comments)
  • ci: Changes to self-CI (workflows under .github/workflows/ that run on this repo)
  • chore: Dependency bumps, config updates, maintenance
  • test: Adding or updating tests
  • BREAKING CHANGE: Callers must update their configuration after this PR

Breaking Changes

None.

Testing

  • YAML syntax validated locally
  • Triggered a real workflow run on a caller repository using @develop or the beta tag
  • Verified all existing inputs still work with default values
  • Confirmed no secrets or tokens are printed in logs
  • Checked that unrelated workflows are not affected

Caller repo / workflow run: https://github.com/LerianStudio/plugin-br-pix-switch/actions/runs/23829619256/job/69460062302?pr=6

Related Issues

Closes #192

@bedatty bedatty requested a review from a team as a code owner April 1, 2026 12:51
@lerian-studio lerian-studio added labels Apr 1, 2026: size/XS (PR changes < 50 lines), workflow (Changes to one or more reusable workflow files), security (Changes to security workflows or vulnerability reporting policy)
@lerian-studio

🔍 Lint Analysis

| Check | Files Scanned | Status |
|---|---|---|
| YAML Lint | 1 file(s) | ✅ success |
| Action Lint | 1 file(s) | ✅ success |
| Pinned Actions | 1 file(s) | ✅ success |
| Markdown Link Check | no changes | ⏭️ skipped |
| Spelling Check | 1 file(s) | ✅ success |
| Shell Check | 1 file(s) | ✅ success |
| README Check | 1 file(s) | ✅ success |
| Composite Schema | no changes | ⏭️ skipped |


@lerian-studio

🛡️ CodeQL Analysis Results

Languages analyzed: actions

✅ No security issues found.



@bedatty bedatty merged commit f8f7e99 into develop Apr 1, 2026
17 checks passed
@github-actions github-actions bot deleted the feat/docker-build-args-security-scan branch April 1, 2026 13:26