Add built-in detectors to GH actions

Author: RobGeada

.github/workflows/build-and-push-hf.yaml

@@ -55,34 +55,44 @@ jobs:
           echo "SHA: ${{ github.event.pull_request.head.sha }}"
           echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
           echo "CI IMAGE AT: quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:${{ github.event.pull_request.head.sha }}"
+          echo "Built-In Detector CI IMAGE AT: quay.io/trustyai/regex-detector-ci:${{ github.event.pull_request.head.sha }}"
 
       # Set environments depending on context
       - name: Set CI environment
         if:  env.BUILD_CONTEXT == 'ci'
         run: |
           echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
           echo "IMAGE_NAME=quay.io/trustyai/guardrails-detector-huggingface-runtime-ci" >> $GITHUB_ENV
+          echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/regex-detector-ci" >> $GITHUB_ENV
       - name: Set main-branch environment
         if:  env.BUILD_CONTEXT == 'main'
         run: |
           echo "TAG=latest" >> $GITHUB_ENV
           echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
+          echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/regex-detector" >> $GITHUB_ENV
       - name: Set tag environment
         if: env.BUILD_CONTEXT == 'tag'
         run: |
           echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
           echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
+          echo "BUILTIN_IMAGE_NAME=quay.io/trustyai/regex-detector" >> $GITHUB_ENV
       #
       # Run docker commands
       - name: Put expiry date on CI-tagged image
         if:  env.BUILD_CONTEXT == 'ci'
-        run: echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.hf
+        run: |
+          echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.hf
+          echo 'LABEL quay.expires-after=7d#' >> detectors/Dockerfile.builtIn
       - name: Build image
         run: docker build -t ${{ env.IMAGE_NAME }}:$TAG -f detectors/Dockerfile.hf detectors
       - name: Log in to Quay
         run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io
       - name: Push to Quay CI repo
         run: docker push ${{ env.IMAGE_NAME }}:$TAG
+      - name: Build built-in detector image
+        run: docker build -t ${{ env.BUILTIN_IMAGE_NAME }}:$TAG -f detectors/Dockerfile.builtIn detectors
+      - name: Push to Quay CI repo
+        run: docker push ${{ env.BUILTIN_IMAGE_NAME }}:$TAG
 
       # Leave comment
       - uses: peter-evans/find-comment@v3
@@ -104,6 +114,7 @@ jobs:
             PR image build completed successfully!
             
             📦 [PR image](https://quay.io/repository/trustyai/guardrails-detector-huggingface-runtime-ci?tab=tags): `quay.io/trustyai/guardrails-detector-huggingface-runtime-ci:${{ github.event.pull_request.head.sha }}`
+            📦 [PR image](https://quay.io/trustyai/regex-detector-ci?tab=tags): `quay.io/trustyai/regex-detector-ci:${{ github.event.pull_request.head.sha }}`
       - name: Trivy scan
         uses: aquasecurity/[email protected]
         with:
@@ -115,8 +126,22 @@ jobs:
           exit-code: '0'
           ignore-unfixed: false
           vuln-type: 'os,library'
-
+      - name: Trivy scan, built-in image
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'image'
+          image-ref: "${{ env.BUILTIN_IMAGE_NAME }}:${{ env.TAG }}"
+          format: 'sarif'
+          output: 'trivy-results-built-in.sarif'
+          severity: 'MEDIUM,HIGH,CRITICAL'
+          exit-code: '0'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
       - name: Update Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
+      - name: Update Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results-built-in.sarif'