From 91845516ad13c844f319133523fd5ca7cd8de8ff Mon Sep 17 00:00:00 2001
From: Sahil Ahuja
Date: Tue, 4 Mar 2025 15:15:06 +0530
Subject: [PATCH] Adding fail on scan
---
 .github/workflows/base-build-image.yml | 5 ++++-
 repo-template/baseimage-repo/base-build-image.yml | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/base-build-image.yml b/.github/workflows/base-build-image.yml
index 92777c4..c855c47 100644
--- a/.github/workflows/base-build-image.yml
+++ b/.github/workflows/base-build-image.yml
@@ -6,6 +6,9 @@ on:
 image_tag:
 required: true
 type: string
+ fail_on_scan:
+ default: true
+ type: boolean
 jobs:
 docker-build-and-push:
@@ -52,7 +55,7 @@ jobs:
 output-format: table
 only-fixed: true
 severity-cutoff: critical
- fail-build: true
+ fail-build: ${{ inputs.fail_on_scan }}
 - name: Push the container image
 run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
diff --git a/repo-template/baseimage-repo/base-build-image.yml b/repo-template/baseimage-repo/base-build-image.yml
index d6e6205..9d89e22 100644
--- a/repo-template/baseimage-repo/base-build-image.yml
+++ b/repo-template/baseimage-repo/base-build-image.yml
@@ -15,4 +15,5 @@ jobs:
 secrets: inherit
 with:
 image_tag: ${{ github.ref_name }}-v1 #Generally becomes basin:node-22-dev-v1
+ fail_on_scan: true #To be updated in the code repo as per requirement
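Review bot: The new `fail_on_scan` input in the first hunk of `.github/workflows/base-build-image.yml` carries no `description:`, so a caller reading the reusable workflow cannot tell that `false` switches off the gate between the scan and the push. I would add `description: 'Fail the build when the scan finds critical vulnerabilities that have a fix; false lets the image be pushed anyway'` and an explicit `required: false` next to the default. The `inputs:` mapping starts above the hunk, so this assumes the input belongs to a `workflow_call` trigger.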
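Review bot: With `fail-build: ${{ inputs.fail_on_scan }}` in the second hunk, a caller that passes `false` gets the image pushed by the following `Push the container image` step even when the scan reports critical findings that have a fix, and the only trace is the `table` output in the job log. The override should be made visible, for example by a step placed after the scan: `- name: Flag disabled scan gate`, `if: ${{ !inputs.fail_on_scan }}`, `run: echo "::warning::Image scan gate disabled; critical findings do not block the push"`. The scan step's `uses:` line and the rest of the job lie outside the hunk, so whether the results are uploaded or recorded elsewhere cannot be seen from here.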
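Review bot: The comment on the added `fail_on_scan: true` line in `repo-template/baseimage-repo/base-build-image.yml` invites each repository to change the value without saying what turning it off means. Since `true` is already the default declared in the called workflow, this line exists mainly to be edited, so the comment is the only guidance a repository owner sees. I would reword it to `# Keep true; false pushes the image even if the scan finds critical vulnerabilities with a fix available`, with a space after `#`.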