[ZKUI-349] ✨ Implement GHAS

scality · May 16, 2023 · 6c1c68d · 6c1c68d
1 parent d320978
commit 6c1c68d
Showing 1 changed file with 5 additions and 61 deletions.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -14,73 +14,17 @@ on:
 
 
 jobs:
-  build:
-    runs-on: ubuntu-20.04
+  build-zenko-ui:
     permissions:
       contents: read
       packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2.3.5
-
-      - uses: actions/setup-node@v2.4.1
-        with:
-          node-version: '16'
-          cache: 'npm'
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to GitHub Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Login to Scality Registry
-        uses: docker/login-action@v2
-        with:
-          registry: registry.scality.com
-          username: ${{ secrets.REGISTRY_LOGIN }}
-          password: ${{ secrets.REGISTRY_PASSWORD}}
-
-      - name: install dependencies
-        run: npm config set unsafe-perm true && npm ci
-
-      - name: build assets
-        run: npm run build
-
-      - name: Build and push zenko ui
-        uses: docker/build-push-action@v2.7.0
-        with:
-          push: true
-          context: .
-          tags: |
-            ghcr.io/${{ github.repository }}/zenko-ui:${{ github.sha }}
-            registry.scality.com/zenko-ui-dev/zenko-ui:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push keycloak
-        uses: docker/build-push-action@v2.7.0
-        with:
-          push: true
-          context: .github/docker/keycloakconfig
-          tags: ghcr.io/${{ github.repository }}/ci-keycloak:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+    uses: scality/workflows/.github/workflows/docker-build.yaml@v1
+    with:
+      name: zenko-ui
 
   trivy-zenko-ui:
-    needs: build
+    needs: build-zenko-ui
     name: Trivy Vulnerability Scan for Code for Zenko-ui
     uses: scality/workflows/.github/workflows/trivy.yaml@v1
     with:
       name: zenko-ui
-
-  trivy-keycloak:
-    needs: build
-    name: Trivy Vulnerability Scan for Code
-    uses: scality/workflows/.github/workflows/trivy.yaml@v1
-    with:
-      name: ci-keycloak