updating yamls

damienjburks · damienjburks · commit cc5821f24489 · 2025-03-23T18:27:45.000-05:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,19 +1,18 @@
-name: Build Docker Image
+name: Build Python Project
 on:
   workflow_call:
 
 
 jobs: 
-     # Build Docker Image  
   build:
-    name: Build Docker Image
+    name: Install dependencies and build project
     runs-on: ubuntu-latest
-
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Build Docker Image
-      run: |
-        docker build -t awesome-fastapi:${{ github.sha }} . 
-        
+      - uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+          python -m pip install --upgrade pip
+      - name: Build Project
+        run: |
+          python -m build
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,13 +1,18 @@
-# name: Main Workflow
-# on:
-#   push:
-#     branches:
-#       - main
-#   workflow_dispatch:
+name: Main Workflow
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
 
-# jobs:
-#   # Add Publisher Job here
-#   publish:
-#     uses: ./.github/workflows/publish.yml
-#     secrets: inherit
-      
+jobs:
+  # Add Publisher Job here
+  build:
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+  syntax:
+    uses: ./.github/workflows/syntax.yml
+    secrets: inherit
+  scan:
+    uses: ./.github/workflows/scan.yml
+    secrets: inherit
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -1,16 +1,16 @@
-name: PR Workflow
-on:
-  pull_request:
-    types:
-      - opened
-      - edited
-      - synchronize
-      - reopened
+# name: PR Workflow
+# on:
+#   pull_request:
+#     types:
+#       - opened
+#       - edited
+#       - synchronize
+#       - reopened
 
-permissions:
-  contents: read
-  security-events: write
-  actions: read
+# permissions:
+#   contents: read
+#   security-events: write
+#   actions: read
   
 
-jobs:
+# jobs:
diff --git a/.github/workflows/push-image.yml b/.github/workflows/push-image.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -0,0 +1,32 @@
+name: Security Scanning
+
+on:
+  workflow_call:
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Generate SBOM with Trivy
+        run: |
+          docker run --rm -v $(pwd):/app aquasec/trivy:latest fs --format cyclonedx --output /app/sbom.json /app
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: sbom
+          path: sbom.json
diff --git a/.github/workflows/syntax.yml b/.github/workflows/syntax.yml
@@ -1,4 +1,4 @@
-name: Linting and Formating Checks
+name: Linting & Formating Checks
 on:
     workflow_call:
 
@@ -14,7 +14,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: 'Setup Python ${{ matrix.python-version}}'
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: '${{ matrix.python-version}}'
 
@@ -36,7 +36,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: 'Setup Python ${{ matrix.python-version}}'
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: '${{ matrix.python-version}}'
 
