ci: Update tflint and trivy workflows.

Author: jamesiarmes

.github/workflows/tflint.yaml

@@ -13,6 +13,9 @@ permissions:
 jobs:
   lint:
     runs-on: ubuntu-latest
+    env:
+      # Required to avoid rate limiting when downloading plugins.
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Checkout source code
         uses: actions/checkout@v6
@@ -43,9 +46,8 @@ jobs:
         with:
           annotation-level: notice
           sarif-file: tflint-results.sarif
-      # When run on main, upload the SARIF file to GitHub.
       - name: Upload SARIF result
-        if: always() && github.ref == 'refs/heads/main'
+        if: always()
         uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: tflint-results.sarif

.github/workflows/trivy.yaml

@@ -2,6 +2,9 @@ name: Trivy Analysis
 
 on:
   push:
+  pull_request:
+    branches:
+      - main
 
 permissions:
   contents: read
@@ -16,21 +19,18 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/[email protected]
         with:
-          scan-type: config
-          ignore-unfixed: true
-          skip-dirs: "**/*/.terraform"
-          exit-code: 1
           format: sarif
           output: trivy-results.sarif
+          scan-type: config
+          trivy-config: trivy.yaml
       - name: Parse SARIF file for annotations
         if: always()
         uses: jontyms/[email protected]
         with:
           annotation-level: notice
           sarif-file: trivy-results.sarif
-      # When run on main, upload the SARIF file to GitHub.
       - name: Upload SARIF result
-        if: always() && github.ref == 'refs/heads/main'
+        if: always()
         uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: trivy-results.sarif