Merge pull request #923 from l3montree-dev/update-workflow

timbastin · web-flow · commit 1706960a49b7 · 2025-07-24T15:34:31.000+02:00
Update asset name and artifact suffix in devguard-scanner workflow
diff --git a/.github/workflows/devguard-scanner.yaml b/.github/workflows/devguard-scanner.yaml
@@ -8,42 +8,6 @@ on:
 
 
 jobs:
-  # Secret scanning job to detect secrets in codebase
-  secret-scanning:
-    uses: l3montree-dev/devguard-action/.github/workflows/secret-scanning.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
-    # Secret scanning job to detect secrets in codebase
-  iac:
-    uses: l3montree-dev/devguard-action/.github/workflows/iac.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-  
-  sast:
-    uses: l3montree-dev/devguard-action/.github/workflows/sast.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
-  sca:
-    uses: l3montree-dev/devguard-action/.github/workflows/software-composition-analysis.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-      fail-on-risk: high
-      fail-on-cvss: high
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
   golangci:
     name: lint
     runs-on: ubuntu-latest
@@ -83,158 +47,81 @@ jobs:
         name: code-coverage
         path: coverage.out
 
-  # Docker image build job
-  build-image:
-    uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
+
+  devguard:
+    uses: l3montree-dev/devguard-action/.github/workflows/full.yml@main
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      fail-on-risk: high
+      fail-on-cvss: high
+      should-deploy:  ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
     secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-      build-args: "--context=. --dockerfile=Dockerfile --build-arg GITHUB_REF_NAME=$GITHUB_REF_NAME"
+      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}       
+      build-args: "--context=. --dockerfile=Dockerfile --build-arg GITHUB_REF_NAME=$GITHUB_REF_NAME"       
+
 
   build-scanner-image:
     uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
     with:
-      image-suffix: "-scanner"
-      artifact-suffix: "-scanner"
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
+      artifact-name: "scanner"
+      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}  
       build-args: "--context=. --dockerfile=Dockerfile.scanner"
 
-  # Image scanning job to detect vulnerabilities in the built Docker image
-  container-scanning:
-    uses: l3montree-dev/devguard-action/.github/workflows/container-scanning.yml@main
-    needs: 
-    - build-image
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-      fail-on-risk: high
-      fail-on-cvss: high
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
 
   # Image scanning job to detect vulnerabilities in the built Docker image
   scanner-container-scanning:
     uses: l3montree-dev/devguard-action/.github/workflows/container-scanning.yml@main
     needs: 
     - build-scanner-image
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
-      api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-      
-  deploy:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/deploy.yml@main
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
+      
   deploy-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/deploy.yml@main
     with:
-      artifact-suffix: "-scanner"
-      image-suffix: "-scanner"
+      artifact-name: "scanner"
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}     
     if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/troubleshooting-sast'
 
-  sign:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/sign.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
   
   sign-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/sign.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
-      api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
-
-  attest:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/attest.yml@main
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
+    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
 
   attest-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/attest.yml@main
     with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
+      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
