modularize workflows

Sam Morris · Sam Morris · commit 7ed9990a4c70 · 2025-04-07T13:44:59.000-04:00
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -12,8 +12,6 @@ on:
 
 env:
   IMAGE_NAME: samanthamorris684/catbot
-  # Change this from latest
-  COMPARE_TAG: latest
   USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
   PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
 
@@ -34,19 +32,6 @@ jobs:
         run: |
           docker build -t $IMAGE_NAME:${{ inputs.IMAGE_TAG }} .
           docker push $IMAGE_NAME:${{ inputs.IMAGE_TAG }}
-
-      - name: Docker Scout
-        id: docker-scout
-        if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/scout-action@v1
-        with:
-          command: compare
-          image: $IMAGE_NAME:${{ inputs.IMAGE_TAG }}
-          to: ${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
-          ignore-unchanged: true
-          only-severities: critical,high
-          write-comment: true
-          github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
         
         
     
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
@@ -10,6 +10,4 @@ jobs:
     with:
       IMAGE_TAG: $GITHUB_REF_NAME
     secrets:
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} 
-    
-
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/pull-request-workflow.yml b/.github/workflows/pull-request-workflow.yml
@@ -0,0 +1,10 @@
+name: Pull request workflow
+
+on:
+  pull_request
+
+jobs:
+  scout:
+    uses: ./.github/workflows/scout.yml
+    with:
+      IMAGE_TAG: $GITHUB_REF_NAME
diff --git a/.github/workflows/scout.yml b/.github/workflows/scout.yml
@@ -0,0 +1,37 @@
+name: Security workflow
+on:
+  workflow_call:
+    inputs:
+      IMAGE_TAG:
+        required: true
+        type: string
+
+env:
+  REGISTRY: samanthamorris684
+  IMAGE_NAME: catbot
+  COMPARE_TAG: latest
+  USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+  PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
+
+jobs:
+  scout:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to registry
+        uses: docker/login-action@v2.1.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+      
+      - name: Docker Scout
+        id: docker-scout
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          image: $IMAGE_NAME:${{ inputs.IMAGE_TAG }}
+          to: ${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }}
+          ignore-unchanged: true
+          only-severities: critical,high
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
