Workflows/publish fix

.github/workflows/lib-publish.yaml

@@ -6,11 +6,15 @@ on:
         default: "devel"
         required: false
         type: string
+env:
+  no_base_check: "['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']"
+
 jobs:
   image:
     name: Build image
     runs-on: ubuntu-22.04
     strategy:
+      fail-fast: false
       matrix:
         image:
           - intel-fpga-admissionwebhook
@@ -51,6 +55,8 @@ jobs:
           image-ref: intel/${{ matrix.image }}:${{ inputs.image_tag }}
           exit-code: 1
       - name: Test image base layer
+        # Don't run base layer check for selected images
+        if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
         run: IMG=intel/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
       - name: Login
         uses: docker/login-action@v2

.trivyignore

@@ -24,5 +24,9 @@ AVD-KSV-0047
 # device plugin operator requires access to daemonset creation etc.
 AVD-KSV-0048
 
+# HostPath present many security risks and as a security practice it is better to avoid critical host paths mounts.
+# Some plugins require access to various host paths
+AVD-KSV-0121
+
 # Device plugins do not use any CSIs
 ## CVE-2019-11255