Preparing action merge

.github/workflows/build-push-dev-image.yml

@@ -1,17 +1,16 @@
 # Workflow responsible for the 
 # development release processes.
-#
 
 name: Build-Push-Dev-Image
 on:
   push:
-    branches:
-      - develop
+    # branches:
+    #   - develop
     paths-ignore:
       - README.md
       - .old_cicd/*
-      - .github/*
-      # - .github/workflows/*
+      # - .github/*
+      # - .github/workflows/* This remains commented out after testing
       - LICENSE
       - .gitignore
       - .dockerignore
@@ -24,65 +23,5 @@ on:
 
 jobs:
   build-push-dev-image:
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Checkout Code
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ github.head_ref }} 
-        # fetch-depth: 0 means, get all branches and commits
-        fetch-depth: 0
-
-    - name: Set short git commit SHA
-      id: vars
-      run: |
-        echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
-    # https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
-
-    - name: Confirm git commit SHA output
-      run: echo ${{ steps.vars.outputs.short_sha }}
-
-    # Docker Buildx is important to caching in the Build And Push Container
-    # step
-    # https://github.com/marketplace/actions/build-and-push-docker-images
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      with:
-        driver-opts: |
-          network=host
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        logout: true
-
-    - name: Login to Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: containers.renci.org
-        username: ${{ secrets.CONTAINERHUB_USERNAME }}
-        password: ${{ secrets.CONTAINERHUB_TOKEN }}
-        logout: true
-
-
-    # Notes on Cache: 
-    # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
-    - name: Build Push Container
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        # Push to renci-registry and dockerhub here.
-        # cache comes from dockerhub.
-        tags: |
-          ${{ github.repository }}:develop
-          ${{ github.repository }}:${{ steps.vars.outputs.short_sha }}
-          containers.renci.org/${{ github.repository }}:develop
-          containers.renci.org/${{ github.repository }}:${{ steps.vars.outputs.short_sha }}
-        cache-from: type=registry,ref=${{ github.repository }}:buildcache
-        cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max
-
+    uses: helxplatform/helx-github-actions/.github/workflows/build-push-dev-image.yml@develop
+    secrets: inherit

.github/workflows/build-push-release.yml

@@ -10,119 +10,23 @@ on:
   #       description: 'Tag for new release, ie 1.1.2 .. 4.0.0, etc. 🛑 DO not include the ⍘v⍘ '
   #       required: true
   #       type: string
-
+ #keep ^ commented out after testing
   push:
-    branches:
-      - master 
-      - main
-    paths-ignore:
-      - README.md
-      - .old_cicd/*
-      - .github/*
-      - .github/workflows/*
-      - LICENSE
-      - .gitignore
-      - .dockerignore
-      - .githooks
-    tags-ignore:
-      - 'v[0-9]+.[0-9]+.*'
+    # branches:
+    #   - master 
+    #   - main
+    # paths-ignore:
+    #   - README.md
+    #   - .old_cicd/*
+    #   - .github/*
+    #   - .github/workflows/*
+    #   - LICENSE
+    #   - .gitignore
+    #   - .dockerignore
+    #   - .githooks
+    # tags-ignore:
+    #   - 'v[0-9]+.[0-9]+.*'
 jobs:
   build-push-release:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout Code
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ github.head_ref }} 
-        fetch-depth: 0
-
-    - name: Set short git commit SHA
-      id: vars
-      run: |
-        echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
-    # https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
-
-    - name: Confirm git commit SHA output
-      run: echo ${{ steps.vars.outputs.short_sha }}
-
-    # https://github.com/marketplace/actions/git-semantic-version
-    - name: Semver Check
-      uses: paulhatch/[email protected]
-      id: version
-      with:
-        # The prefix to use to identify tags
-        tag_prefix: "v"
-        # A string which, if present in a git commit, indicates that a change represents a
-        # major (breaking) change, supports regular expressions wrapped with '/'
-        major_pattern: "/breaking:|major:/"
-        # A string which indicates the flags used by the `major_pattern` regular expression. Supported flags: idgs
-        major_regexp_flags: "ig"
-        # Same as above except indicating a minor change, supports regular expressions wrapped with '/'
-        minor_pattern: "/feat:|feature:|minor:/"
-        # A string which indicates the flags used by the `minor_pattern` regular expression. Supported flags: idgs
-        minor_regexp_flags: "ig"
-        # A string to determine the format of the version output
-        # version_format: "${major}.${minor}.${patch}-prerelease${increment}"
-        version_format: "${major}.${minor}.${patch}"
-        search_commit_body: false
-
-    # Docker Buildx is important to caching in the Build And Push Container
-    # step
-    # https://github.com/marketplace/actions/build-and-push-docker-images
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        logout: true
-
-    - name: Login to Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: containers.renci.org
-        username: ${{ secrets.CONTAINERHUB_USERNAME }}
-        password: ${{ secrets.CONTAINERHUB_TOKEN }}
-        logout: true
-
-    # Notes on Cache: 
-    # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
-    - name: Build Push Container
-      uses: docker/build-push-action@v5
-      with:
-        push: true
-        # Push to renci-registry and dockerhub here.
-        # cache comes from dockerhub.
-        tags: |
-          containers.renci.org/${{ github.repository }}:v${{ steps.version.outputs.version }}
-          containers.renci.org/${{ github.repository }}:latest
-          containers.renci.org/${{ github.repository }}:${{ steps.vars.outputs.short_sha }}
-          ${{ github.repository }}:v${{ inputs.versionTag }}
-          ${{ github.repository }}:latest
-          ${{ github.repository }}:${{ steps.vars.outputs.short_sha }}
-        cache-from: type=registry,ref=${{ github.repository }}:buildcache
-        cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max
-
-#==========================TAG & RELEASE W/ NOTES =========================
-
-    # This creates a "lightweight" ref tag.
-    - name: Create Tag for Release
-      run: |
-        curl \
-        -s --fail -X POST \
-        -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-        https://api.github.com/repos/${{ github.repository }}/git/refs \
-        -d '{"ref":"refs/tags/v${{ steps.version.outputs.version }}","sha":"${{ github.sha }}"}'
-
-#   https://cli.github.com/manual/gh_release_create
-    - name: Create Release
-      env:
-        RELEASE_VERSION: ${{ steps.version.outputs.version }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        gh release create ${{ env.RELEASE_VERSION }} \
-          -t "${{ env.RELEASE_VERSION }}" \
-          --generate-notes \
-          --latest
+    uses: helxplatform/helx-github-actions/.github/workflows/build-push-release.yml@develop
+    secrets: inherit

.github/workflows/build-test.yml

@@ -1,19 +1,19 @@
-name: Code-Checks
+name: Build-Test
 on:
   push:
-    branches-ignore:
-      - master
-      - main
-      - develop
-    paths-ignore:
-      - README.md
-      - .old_cicd/*
-      - .github/*
-      - .github/workflows/*
-      - LICENSE
-      - .gitignore
-      - .dockerignore
-      - .githooks
+    # branches-ignore:
+    #   - master
+    #   - main
+    #   - develop
+    # paths-ignore:
+    #   - README.md
+    #   - .old_cicd/*
+    #   - .github/*
+    #   - .github/workflows/*
+    #   - LICENSE
+    #   - .gitignore
+    #   - .dockerignore
+    #   - .githooks
   pull_request:
     branches:
       - develop
@@ -22,36 +22,6 @@ on:
     types: [ opened, synchronize ]
 
 jobs:
-  test-image-build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Set short git commit SHA
-      id: vars
-      run: |
-        echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
-    # https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
-
-    - name: Confirm git commit SHA output
-      run: echo ${{ steps.vars.outputs.short_sha }}
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        logout: true
-
-    # Notes on Cache: 
-    # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
-    - name: Build Container
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: false
-        cache-from: type=registry,ref=${{ github.repository }}:buildcache
-        cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max
+  build-test:
+    uses: helxplatform/helx-github-actions/.github/workflows/build-test.yml@develop
+    secrets: inherit

.github/workflows/trivy-pr-scan.yml

@@ -1,5 +1,6 @@
 name: trivy-pr-scan 
 on:
+  push: #get rid of this after testing
   pull_request:
     branches:
       - develop
@@ -17,50 +18,6 @@ on:
     - .githooks
 
 jobs:
- trivy-pr-scan:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      with:
-        driver-opts: |
-          network=host
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        logout: true
-
-    # Notes on Cache: 
-    # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
-    - name: Build Container
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: false
-        load: true
-        tags: ${{ github.repository }}:vuln-test
-        cache-from: type=registry,ref=${{ github.repository }}:buildcache
-        cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max
-
-    # We will not be concerned with Medium and Low vulnerabilities
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: '${{ github.repository }}:vuln-test'
-        format: 'sarif'
-        severity: 'CRITICAL,HIGH'
-        output: 'trivy-results.sarif'
-        exit-code: '1'
-    # Scan results should be viewable in GitHub Security Dashboard
-    # We still fail the job if results are found, so below will always run
-    # unless manually canceled.
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
-      if: '!cancelled()'
-      with:
-        sarif_file: 'trivy-results.sarif'
+  trivy-pr-scan:
+    uses: helxplatform/helx-github-actions/.github/workflows/trivy-pr-scan.yml@develop
+    secrets: inherit