From 79a4977f9d9856c48b1b5f853e270a5cef28c125 Mon Sep 17 00:00:00 2001 From: devops Date: Wed, 23 Jul 2025 12:38:36 +0530 Subject: [PATCH] devops: Removing all unwanted pipelines --- .github/workflows/cron-weekly-changelog.yml | 21 ------ .github/workflows/pr-check.yml | 68 ++++++++++++++++-- .github/workflows/pr-issues-status.yml | 21 ------ .github/workflows/pr-sec-trivy.yml | 78 ++++++++++++++++++--- 4 files changed, 131 insertions(+), 57 deletions(-) delete mode 100644 .github/workflows/cron-weekly-changelog.yml delete mode 100644 .github/workflows/pr-issues-status.yml diff --git a/.github/workflows/cron-weekly-changelog.yml b/.github/workflows/cron-weekly-changelog.yml deleted file mode 100644 index bc6a8fa..0000000 --- a/.github/workflows/cron-weekly-changelog.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Cron Weekly Changelog - Javelin Python - -on: - schedule: - - cron: '30 9 * * 1' # Every Monday at 9:30 AM UTC = 3:00 PM IST - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - reusable-workflow: - permissions: - contents: 'write' - id-token: 'write' - pull-requests: 'write' - uses: getjavelin/javelin-workflow/.github/workflows/workflow-cron-weekly-changelog.yml@main - secrets: - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - DEVOPS_PR_TOKEN: ${{ secrets.DEVOPS_PR_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 02b7bb0..e4259f5 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml 
@@ -12,12 +12,68 @@ on: types: - checks_requested +env: + PY_LINT_CFG: ".flake8" + LINT_REPORT_FILE: "lint-report" + PY_VER: 3.11.8 + PR_CHECK_PREFIX: "feat:|fix:|devops:|Merge|Revert|build\\(deps\\)|\\[Snyk\\]|Bump" + jobs: - reusable-workflow: + javelin-commit-check: permissions: contents: 'read' - id-token: 'write' - uses: getjavelin/javelin-workflow/.github/workflows/workflow-pr-check.yml@main - secrets: - DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file + runs-on: ubuntu-24.04 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + persist-credentials: false + + - name: Get the last commit message + id: commit_message + run: | + COMMIT_MESSAGE=$(git show -s --format=%s) + echo "message=${COMMIT_MESSAGE}" >> ${GITHUB_OUTPUT} + + - name: Commit Message Check + shell: bash + env: + COMMIT_MESSAGE: "${{ steps.commit_message.outputs.message }}" + run: |- + CLEAN_COMMIT_MESSAGE=$(echo '${{ env.COMMIT_MESSAGE }}' | sed "s|\"||g") + if [[ "${CLEAN_COMMIT_MESSAGE}" =~ ^(${{ env.PR_CHECK_PREFIX }}) ]]; then + echo "Commit message is valid....!" + else + echo "Commit message does not contain required keywords....!" + exit 1 + fi + + javelin-lint-check: + permissions: + contents: 'read' + runs-on: ubuntu-24.04 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Setup Python Version + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PY_VER }} + cache: 'pip' + + - name: Python Lint Check + shell: bash + run: |- + pip install flake8 + flake8 . --config=${{ env.PY_LINT_CFG }} --output-file=${{ env.LINT_REPORT_FILE }}.json + + - name: Upload Lint Report + uses: actions/upload-artifact@v4 + with: + name: ${{ env.LINT_REPORT_FILE }} + path: ${{ env.LINT_REPORT_FILE }}.json + retention-days: 1 \ No newline at end of file 
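Review bot: The Commit Message Check step re-expands the PR-supplied subject inside the shell script, `echo '${{ env.COMMIT_MESSAGE }}'` — the `${{ }}` expression is substituted into the script text before bash runs, so a commit subject containing a single quote ends the quoting and the rest of the subject is interpreted as shell; the `env:` mapping of `COMMIT_MESSAGE` was the right move, but the script should then read the shell variable, e.g. `CLEAN_COMMIT_MESSAGE=$(printf '%s' "${COMMIT_MESSAGE}" | sed 's|"||g')` and `if [[ "${CLEAN_COMMIT_MESSAGE}" =~ ^(${PR_CHECK_PREFIX}) ]]; then`, since workflow-level `env` is already exported to the step. `contents: 'read'` plus `persist-credentials: false` keeps the blast radius small, but the job checks out `ref: ${{ github.event.pull_request.head.sha }}`, so that message has to be treated as supplied by whoever opened the PR. Both new jobs pin actions by major tag (`actions/checkout@v4`, `actions/setup-python@v5`, `actions/upload-artifact@v4`); pinning to a full commit SHA with the tag in a trailing comment would make the supply chain reproducible. The `on:` block that decides which events and forks reach these jobs is above the hunk and not visible here.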
diff --git a/.github/workflows/pr-issues-status.yml b/.github/workflows/pr-issues-status.yml deleted file mode 100644 index 0d95830..0000000 --- a/.github/workflows/pr-issues-status.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: PR Issue Status - Javelin Python - -on: - pull_request: - types: - - closed - branches: - - "main" - -jobs: - reusable-workflow: - permissions: - contents: 'read' - id-token: 'write' - issues: 'write' - repository-projects: 'write' - uses: getjavelin/javelin-workflow/.github/workflows/workflow-pr-issues-status.yml@main - secrets: - DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - DEVOPS_GITHUB_TOKEN_CLASSIC: ${{ secrets.DEVOPS_GITHUB_TOKEN_CLASSIC }} - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pr-sec-trivy.yml b/.github/workflows/pr-sec-trivy.yml index a8a3c9f..3e68e3f 100644 --- a/.github/workflows/pr-sec-trivy.yml +++ b/.github/workflows/pr-sec-trivy.yml @@ -1,4 +1,4 @@ -name: PR Trivy Scan - Javelin Python +name: PR Trivy Scan - Python on: pull_request: 
@@ -12,14 +12,74 @@ on: types: - checks_requested +env: + GH_SEC_REPORT: false + TRIVY_SEVERITY: "HIGH,CRITICAL" + TRIVY_REPORT_FILE: "trivy-scan-result" + jobs: - reusable-workflow: + javelin-trivy-scan: permissions: contents: 'read' - id-token: 'write' - actions: 'read' - security-events: 'write' - uses: getjavelin/javelin-workflow/.github/workflows/workflow-trivy-scan.yml@main - secrets: - DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file + runs-on: ubuntu-24.04 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: true + + - name: Trivy Scan - GitHub Security Report + if: ${{ env.GH_SEC_REPORT == 'true' }} + uses: aquasecurity/trivy-action@0.29.0 + with: + ignore-unfixed: true + scan-type: "fs" + cache: "true" + format: "sarif" + output: "${{ env.TRIVY_REPORT_FILE }}.sarif" + severity: "${{ env.TRIVY_SEVERITY }}" + + - name: Upload Report - GitHub Security Report + if: ${{ env.GH_SEC_REPORT == 'true' }} + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: "${{ env.TRIVY_REPORT_FILE }}.sarif" + + - name: Trivy Scan - Text Security Report + if: ${{ env.GH_SEC_REPORT == 'false' }} + uses: aquasecurity/trivy-action@0.29.0 + with: + ignore-unfixed: true + scan-type: "fs" + cache: "true" + format: "table" + output: "${{ env.TRIVY_REPORT_FILE }}.txt" + severity: "${{ env.TRIVY_SEVERITY }}" + + - name: Report Check - Text Security Report + if: ${{ env.GH_SEC_REPORT == 'false' }} + id: report_check + shell: bash + run: |- + if [[ -s ${{ env.TRIVY_REPORT_FILE }}.txt ]] ; then + echo "report_file=available" >> ${GITHUB_OUTPUT} + else + echo "report_file=unavailable" >> ${GITHUB_OUTPUT} + fi + cat ${{ env.TRIVY_REPORT_FILE }}.txt + + - name: Upload Report - Text Security Report + if: ${{ env.GH_SEC_REPORT == 'false' && steps.report_check.outputs.report_file == 'available' }} + uses: actions/upload-artifact@v4 + with: + name: "${{ 
env.TRIVY_REPORT_FILE }}" + path: "${{ env.TRIVY_REPORT_FILE }}.txt" + if-no-files-found: error + retention-days: 1 + + - name: Failing the Job + if: ${{ steps.report_check.outputs.report_file == 'available' }} + shell: bash + run: |- + echo "Vulnerabilities Found.....!" + exit 1 \ No newline at end of file
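Review bot: The `Upload Report - GitHub Security Report` step (`github/codeql-action/upload-sarif@v3`) needs `security-events: write` to publish SARIF, but the new `permissions:` block keeps only `contents: 'read'` after dropping `security-events: 'write'` and `actions: 'read'`, so the moment `GH_SEC_REPORT` is flipped to `true` the SARIF path will fail for lack of permission; either restore `security-events: 'write'` (the old job also granted `actions: 'read'`) or remove the SARIF steps until they are needed. The checkout sets `persist-credentials: true` even though a filesystem Trivy scan never needs the token; `persist-credentials: false`, as pr-check.yml in this same commit does, keeps `GITHUB_TOKEN` out of `.git/config` for the rest of the job. `GH_SEC_REPORT: false` is a bare YAML boolean while every `if:` compares against the strings `'true'`/`'false'`; it works because Actions stringifies env values, but `GH_SEC_REPORT: "false"` states the intent and survives reformatting. The `on:` block sits above the hunk, so which events reach this job is not visible here.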