simplify checks

Author: h4x3rotab

.actrc

@@ -0,0 +1,2 @@
+-P ubuntu-latest=catthehacker/ubuntu:act-latest
+--container-architecture linux/amd64

.github/workflows/security-scan.yml

@@ -10,9 +10,9 @@ on:
     - cron: '0 2 * * 1'
 
 jobs:
-  basic-security-checks:
+  basic-checks:
     runs-on: ubuntu-latest
-    name: Basic Security Checks
+    name: Basic Checks (dev.sh)
     steps:
       - uses: actions/checkout@v4
 
@@ -25,12 +25,16 @@ jobs:
           # Install yamllint
           pip install yamllint
 
-      - name: Run dev.sh security checks
-        run: ./dev.sh security
+      - name: Run all checks
+        run: ./dev.sh check-all
 
-  secret-scan:
+  advanced-security:
     runs-on: ubuntu-latest
-    name: Secret Detection
+    name: Advanced Security Scans
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -44,46 +48,6 @@ jobs:
           head: HEAD
           extra_args: --debug --only-verified
 
-  dependency-scan:
-    runs-on: ubuntu-latest
-    name: Dependency Vulnerability Scan
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Scan for vulnerable dependencies
-        run: |
-          echo "Scanning for vulnerable dependencies..."
-
-          # Find all package.json files
-          find . -name "package.json" -not -path "./node_modules/*" | while read -r package_file; do
-            echo "Scanning: $package_file"
-            dir=$(dirname "$package_file")
-
-            if command -v npm >/dev/null 2>&1; then
-              cd "$dir"
-              npm audit --audit-level=high || echo "❌ Vulnerabilities found in $package_file"
-              cd - > /dev/null
-            fi
-          done
-
-          # Find all requirements.txt files
-          find . -name "requirements.txt" -not -path "./venv/*" | while read -r req_file; do
-            echo "Found Python requirements: $req_file"
-            echo "⚠️ Consider using 'pip-audit' for Python dependency scanning"
-          done
-
-          # Find all go.mod files
-          find . -name "go.mod" | while read -r go_file; do
-            echo "Found Go module: $go_file"
-            echo "⚠️ Consider using 'nancy' or 'govulncheck' for Go dependency scanning"
-          done
-
-  dockerfile-scan:
-    runs-on: ubuntu-latest
-    name: Dockerfile Security Scan
-    steps:
-      - uses: actions/checkout@v4
-
       - name: Run Hadolint
         uses: hadolint/[email protected]
         with:
@@ -98,16 +62,6 @@ jobs:
         with:
           sarif_file: hadolint-results.sarif
 
-  code-security:
-    runs-on: ubuntu-latest
-    name: Code Security Analysis
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    steps:
-      - uses: actions/checkout@v4
-
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
@@ -122,28 +76,9 @@ jobs:
         with:
           category: "/language:javascript,python,go"
 
-  comprehensive-security:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'schedule'
-    name: Comprehensive Security Check
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        run: |
-          # Install shellcheck
-          sudo apt-get update
-          sudo apt-get install -y shellcheck
-          
-          # Install yamllint
-          pip install yamllint
-
-      - name: Run all checks
-        run: ./dev.sh check-all
-
   security-summary:
     runs-on: ubuntu-latest
-    needs: [basic-security-checks, secret-scan, dependency-scan, dockerfile-scan, code-security]
+    needs: [basic-checks, advanced-security]
     if: always()
     name: Security Summary
 
@@ -154,23 +89,17 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
 
           # Check job results
-          basic_result="${{ needs.basic-security-checks.result }}"
-          secret_result="${{ needs.secret-scan.result }}"
-          dependency_result="${{ needs.dependency-scan.result }}"
-          dockerfile_result="${{ needs.dockerfile-scan.result }}"
-          code_result="${{ needs.code-security.result }}"
+          basic_result="${{ needs.basic-checks.result }}"
+          advanced_result="${{ needs.advanced-security.result }}"
 
           echo "| Security Check | Status |" >> $GITHUB_STEP_SUMMARY
           echo "|----------------|--------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Basic Security | $basic_result |" >> $GITHUB_STEP_SUMMARY
-          echo "| Secret Detection | $secret_result |" >> $GITHUB_STEP_SUMMARY
-          echo "| Dependency Scan | $dependency_result |" >> $GITHUB_STEP_SUMMARY
-          echo "| Dockerfile Scan | $dockerfile_result |" >> $GITHUB_STEP_SUMMARY
-          echo "| Code Analysis | $code_result |" >> $GITHUB_STEP_SUMMARY
+          echo "| Basic Checks (dev.sh) | $basic_result |" >> $GITHUB_STEP_SUMMARY
+          echo "| Advanced Security | $advanced_result |" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
 
           # Overall status
-          if [[ "$basic_result $secret_result $dependency_result $dockerfile_result $code_result" == *"failure"* ]]; then
+          if [[ "$basic_result $advanced_result" == *"failure"* ]]; then
             echo "🔴 **Security issues detected!** Please review the scan results." >> $GITHUB_STEP_SUMMARY
           else
             echo "🟢 **All security scans passed successfully.**" >> $GITHUB_STEP_SUMMARY

.github/workflows/validate-examples.yml

@@ -10,69 +10,8 @@ on:
     - cron: '0 0 * * 0'
 
 jobs:
-  detect-changes:
+  check-all:
     runs-on: ubuntu-latest
-    outputs:
-      examples: ${{ steps.changes.outputs.examples }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Detect changed examples
-        id: changes
-        run: |
-          if [ "${{ github.event_name }}" == "schedule" ]; then
-            # For scheduled runs, test all examples
-            examples=$(./dev.sh list | grep -E "^  - " | sed 's/^  - //' | jq -R -s -c 'split("\n")[:-1]')
-          else
-            # For PR/push, only test changed examples
-            changed_files=$(git diff --name-only ${{ github.event.before }}..${{ github.sha }} || git diff --name-only HEAD~1)
-            examples=$(echo "$changed_files" | grep -E "(docker-compose\.ya?ml|Dockerfile|\.sh)$" | xargs dirname 2>/dev/null | sort -u | jq -R -s -c 'split("\n")[:-1]' || echo '[]')
-          fi
-          echo "examples=$examples" >> $GITHUB_OUTPUT
-
-  validate-examples:
-    runs-on: ubuntu-latest
-    needs: detect-changes
-    if: needs.detect-changes.outputs.examples != '[]'
-    strategy:
-      matrix:
-        example: ${{ fromJson(needs.detect-changes.outputs.examples) }}
-      fail-fast: false
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Validate example
-        run: |
-          example="${{ matrix.example }}"
-          echo "Validating: $example"
-          ./dev.sh validate "$example"
-
-  lint-and-security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        run: |
-          # Install shellcheck
-          sudo apt-get update
-          sudo apt-get install -y shellcheck
-          
-          # Install yamllint
-          pip install yamllint
-
-      - name: Run lint checks
-        run: ./dev.sh lint
-
-      - name: Run security checks
-        run: ./dev.sh security
-
-  comprehensive-check:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'schedule'
     steps:
       - uses: actions/checkout@v4
 
@@ -88,30 +27,14 @@ jobs:
       - name: Run all checks
         run: ./dev.sh check-all
 
-  summary:
-    runs-on: ubuntu-latest
-    needs: [detect-changes, validate-examples, lint-and-security]
-    if: always()
-
-    steps:
-      - name: Validation Summary
+      - name: Create summary
+        if: always()
         run: |
           echo "## Validation Summary" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-
-          examples="${{ needs.detect-changes.outputs.examples }}"
-          if [ "$examples" == "[]" ] || [ "$examples" == "" ]; then
-            echo "No examples were modified or detected for validation." >> $GITHUB_STEP_SUMMARY
-          else
-            echo "Validated examples: $examples" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-
-            # Check job results
-            validation_result="${{ needs.validate-examples.result }}"
-            lint_security_result="${{ needs.lint-and-security.result }}"
-
-            echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
-            echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Example Validation | $validation_result |" >> $GITHUB_STEP_SUMMARY
-            echo "| Lint & Security | $lint_security_result |" >> $GITHUB_STEP_SUMMARY
-          fi
+          echo "✅ Ran comprehensive checks including:" >> $GITHUB_STEP_SUMMARY
+          echo "- Structure validation for all examples" >> $GITHUB_STEP_SUMMARY
+          echo "- Docker Compose syntax validation" >> $GITHUB_STEP_SUMMARY
+          echo "- Security scanning" >> $GITHUB_STEP_SUMMARY
+          echo "- Shell script linting" >> $GITHUB_STEP_SUMMARY
+          echo "- YAML linting" >> $GITHUB_STEP_SUMMARY