Create repo_level_scan.yml

.github/workflows/repo_level_scan.yml

@@ -0,0 +1,65 @@
+name: 'Repo Level Trivy Scan'
+
+on:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  # Job 1: Build the Docker image for the Python agent and push it to GHCR
+  build:
+    name: 'Build and Push Docker Image'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    outputs:
+      image-name: ${{ steps.set-image-name.outputs.image-name }}
+
+    steps:
+      - name: 'Checkout code'
+        uses: actions/checkout@v4
+
+      - name: 'Set up Python'
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: 'Install dependencies from setup.py'
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+
+      - name: 'Log in to GitHub Container Registry'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Build and push Docker image'
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          # locate Dockerfile
+          file: ./.github/containers/Dockerfile
+
+      - name: 'Set image name output'
+        id: set-image-name
+        run: echo "image-name=ghcr.io/${{ github.repository }}:${{ github.sha }}" >> $GITHUB_OUTPUT
+
+  # Job 2: Call the reusable organization workflow
+  scan:
+    name: 'Trigger Organization Scan'
+    needs: build
+    permissions:
+      contents: read
+      packages: read
+      security-events: write
+    uses: newrelic-trivy/.github/.github/workflows/org-level-trivy-scan.yml@main
+    with:
+      image-name: ${{ needs.build.outputs.image-name }}
+    secrets: inherit