fix(build): add docker_build_args input to build workflow #194

Merged: bedatty merged 2 commits into develop from feat/docker-build-args-security-scan on Apr 1, 2026

Conversation

@bedatty commented Apr 1, 2026

Lerian

GitHub Actions Shared Workflows


Description

Type of Change

  • feat: New workflow or new input/output/step in an existing workflow
  • fix: Bug fix in a workflow (incorrect behavior, broken step, wrong condition)
  • perf: Performance improvement (e.g. caching, parallelism, reduced steps)
  • refactor: Internal restructuring with no behavior change
  • docs: Documentation only (README, docs/, inline comments)
  • ci: Changes to self-CI (workflows under .github/workflows/ that run on this repo)
  • chore: Dependency bumps, config updates, maintenance
  • test: Adding or updating tests
  • BREAKING CHANGE: Callers must update their configuration after this PR

Breaking Changes

None.

Testing

  • YAML syntax validated locally
  • Triggered a real workflow run on a caller repository using @develop or the beta tag
  • Verified all existing inputs still work with default values
  • Confirmed no secrets or tokens are printed in logs
  • Checked that unrelated workflows are not affected

Caller repo / workflow run:

Related Issues

Closes #

Summary by CodeRabbit

  • New Features
    • Build and security scan workflows now accept custom Docker build arguments (docker_build_args) for flexible image configuration during CI/CD pipelines.

@bedatty self-assigned this Apr 1, 2026
@bedatty requested a review from a team as a code owner April 1, 2026 14:10

coderabbitai bot commented Apr 1, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b3f6c98c-3411-4b4a-a842-192f5d34cb0e

📥 Commits

Reviewing files that changed from the base of the PR and between f8f7e99 and c695190.

📒 Files selected for processing (2)
  • .github/workflows/build.yml
  • .github/workflows/pr-security-scan.yml

Walkthrough

Two GitHub workflow files receive a new optional input docker_build_args (string, default empty) that forwards Docker build-time arguments to the docker/build-push-action step during image builds and security scans.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflow Docker Build Arguments: .github/workflows/build.yml, .github/workflows/pr-security-scan.yml | Added docker_build_args workflow input (optional, newline-separated string) and wired it to docker/build-push-action via build-args parameter. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes


@lerian-studio added the labels size/XS (PR changes < 50 lines), workflow (Changes to one or more reusable workflow files), and security (Changes to security workflows or vulnerability reporting policy) Apr 1, 2026
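
Added example, not part of this PR or the repository's code: values passed through build-args can be read back from the built image with `docker history`, so a caller may want to vet a docker_build_args string before it is forwarded. The function name, the patterns, the NAME=VALUE policy and the sample input are assumptions constructed for this sketch.

```python
import re

# Names that suggest a credential. Build args can surface in image metadata
# (`docker history`), so such values should not travel through this input.
SECRET_NAME = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|API_?KEY|PRIVATE_?KEY)", re.I)
# Value shapes of common credentials: GitHub tokens, AWS access key IDs, PEM blocks.
SECRET_VALUE = re.compile(
    r"^(gh[pousr]_[A-Za-z0-9]{20,}|github_pat_\w{20,}|AKIA[0-9A-Z]{16}|-----BEGIN )")
ARG_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def audit_build_args(raw):
    """Return (args, findings) for a newline-separated NAME=VALUE string."""
    args, findings = {}, []
    for lineno, line in enumerate(raw.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue  # blank lines are harmless; the input defaults to empty
        name, sep, value = line.partition("=")
        # Policy of this example: every entry must be an explicit NAME=VALUE.
        if not sep or not ARG_NAME.match(name):
            findings.append((lineno, name, "not NAME=VALUE"))
            continue
        if SECRET_NAME.search(name):
            findings.append((lineno, name, "secret-like name"))
        elif SECRET_VALUE.match(value):
            findings.append((lineno, name, "secret-like value"))
        args[name] = value
    return args, findings


# Constructed sample input, not taken from the PR.
SAMPLE = """\
GO_VERSION=1.22
NPM_TOKEN=constructed-placeholder
BASE_IMAGE=alpine:3.20

not a build arg
MIRROR=AKIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    _, problems = audit_build_args(SAMPLE)
    for lineno, name, reason in problems:
        print(f"line {lineno}: {name}: {reason}")
    raise SystemExit(1 if problems else 0)
```
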
@lerian-studio

🔍 Lint Analysis

| Check | Files Scanned | Status |
|---|---|---|
| YAML Lint | 2 file(s) | ✅ success |
| Action Lint | 2 file(s) | ✅ success |
| Pinned Actions | 2 file(s) | ✅ success |
| Markdown Link Check | no changes | ⏭️ skipped |
| Spelling Check | 2 file(s) | ✅ success |
| Shell Check | 2 file(s) | ✅ success |
| README Check | 2 file(s) | ✅ success |
| Composite Schema | no changes | ⏭️ skipped |

⚠️ Warnings (2)

Pinned Actions

.github

  • .github (line 81) — Found 1 internal action(s) not pinned to a version. Consider pinning to vX.Y.Z.

.github/workflows/build.yml

  • .github/workflows/build.yml (line 344) — Internal action not pinned to a version: uses: LerianStudio/github-actions-shared-workflows/src/security/cosign-sign@feat/cosign-sign


@lerian-studio

🛡️ CodeQL Analysis Results

Languages analyzed: actions

✅ No security issues found.



@bedatty merged commit a3fb701 into develop Apr 1, 2026
16 of 17 checks passed
@github-actions bot deleted the feat/docker-build-args-security-scan branch April 1, 2026 14:12