From 679857e791c73405ea2995110f594b5595b72fc1 Mon Sep 17 00:00:00 2001 From: Kamlesh Bhosale Date: Mon, 23 Feb 2026 17:59:05 +0000 Subject: [PATCH 1/5] add pop scan --- .github/workflows/main.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fefed28d..1268dc4d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,11 +11,17 @@ on: - main schedule: - cron: '0 4 1 * *' - workflow_dispatch: + workflow_dispatch: {} jobs: build: uses: whitehatsec/pipelines-library/.github/workflows/go-module.yaml@main secrets: inherit with: - service_name: ${{ github.workflow }} \ No newline at end of file + service_name: ${{ github.workflow }} + + pop-scans: + uses: whitehatsec/pipelines-library/.github/workflows/pop-scans.yaml@main + secrets: inherit + with: + skip-pop-bd-docker-image-scan: true \ No newline at end of file From d57f1fa539bf4356d492fe4eff2d34fcbfa08c4d Mon Sep 17 00:00:00 2001 From: Kamlesh Bhosale Date: Mon, 23 Feb 2026 18:28:15 +0000 Subject: [PATCH 2/5] update pop scan workflow --- .github/workflows/main.yml | 48 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1268dc4d..0f73a1c4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
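Review bot: In patch 1/5 the new `pop-scans` job calls a reusable workflow at the mutable ref `@main` and passes it every repository secret through `secrets: inherit`, so any later change on that branch of `whitehatsec/pipelines-library` runs with this repository's credentials on the schedule and dispatch triggers visible in the hunk. Pin the reference to a reviewed commit, `uses: whitehatsec/pipelines-library/.github/workflows/pop-scans.yaml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` map holding only what the scan needs. The same applies to `docker-build-helper@main` in patch 2/5, which is given `ACRSPUSER` and `ACRSPPASSWORD`, and to `go-service-build.yaml@main` in patch 3/5. The hunk also sets `skip-pop-bd-docker-image-scan: true` without explanation; a comment such as `# image scan skipped because <reason>` would tell a reader whether the gap in scan coverage is intended.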
@@ -9,19 +9,63 @@ on: branches: - master - main + workflow_call: + outputs: + image-names: + description: The full image names with tags that were built and pushed + value: ${{ jobs.collect-images.outputs.image-names }} schedule: - cron: '0 4 1 * *' workflow_dispatch: {} jobs: + container-build: + runs-on: ubuntu-latest + steps: + - name: Building ${{ matrix.container-path }} + uses: whitehatsec/pipelines-library/github/actions/docker-build-helper@main + id: container-build + with: + dockerfile: ${{ matrix.dockerfile }} + container-path: ${{ matrix.container-path }} + context: . + registry: whitehatdev.azurecr.io + registry_user: ${{ secrets.ACRSPUSER }} + registry_password: ${{ secrets.ACRSPPASSWORD }} + - name: Save image name + run: | + mkdir -p /tmp/images + echo "${{ steps.container-build.outputs.image_name }}" > /tmp/images/${{ matrix.container-path }}.txt + - name: Upload image artifact + uses: actions/upload-artifact@v4 + with: + name: image-${{ matrix.container-path }} + path: /tmp/images/${{ matrix.container-path }}.txt + collect-images: + needs: container-build + runs-on: ubuntu-latest + outputs: + image-names: ${{ steps.combine.outputs.images }} + steps: + - name: Download all image artifacts + uses: actions/download-artifact@v4 + with: + pattern: image-* + path: images + - name: Combine image names + id: combine + run: | + IMAGES=$(find images -name '*.txt' -exec cat {} \; | paste -sd ',') + echo "images=$IMAGES" >> $GITHUB_OUTPUT + echo "Combined images: $IMAGES" build: uses: whitehatsec/pipelines-library/.github/workflows/go-module.yaml@main secrets: inherit with: service_name: ${{ github.workflow }} - pop-scans: - uses: whitehatsec/pipelines-library/.github/workflows/pop-scans.yaml@main + needs: collect-images secrets: inherit + uses: whitehatsec/pipelines-library/.github/workflows/pop-scans.yaml@main with: skip-pop-bd-docker-image-scan: true \ No newline at end of file From 2627abc37c7f8a27a0db596a09cd9503ef6b0865 Mon Sep 17 00:00:00 2001 
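Review bot: The `container-build` job reads `matrix.container-path` and `matrix.dockerfile` in five places, but the job as added declares no `strategy.matrix`, so as far as this hunk shows those expressions expand to empty strings and the job would write `/tmp/images/.txt` and upload an artifact named `image-`. Declare the matrix on the job with the real image entries. The "Save image name" step also pastes `${{ steps.container-build.outputs.image_name }}` and `${{ matrix.container-path }}` directly into the shell script, so whatever those values contain is parsed as shell; passing them through `env:` and quoting the variables keeps them as data. In `collect-images`, `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`.

```yaml
  container-build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          # placeholder values: replace with the repository's real image entries
          - container-path: PLACEHOLDER_CONTAINER_PATH
            dockerfile: PLACEHOLDER_DOCKERFILE
    steps:
      # … unchanged: docker-build-helper step …
      - name: Save image name
        env:
          IMAGE_NAME: ${{ steps.container-build.outputs.image_name }}
          CONTAINER_PATH: ${{ matrix.container-path }}
        run: |
          mkdir -p /tmp/images
          printf '%s\n' "$IMAGE_NAME" > "/tmp/images/${CONTAINER_PATH}.txt"
      # … unchanged: upload-artifact step …
```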
From: Kamlesh Bhosale Date: Mon, 23 Feb 2026 18:36:53 +0000 Subject: [PATCH 3/5] update go build step --- .github/workflows/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0f73a1c4..fbf784ce 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,11 +58,13 @@ jobs: IMAGES=$(find images -name '*.txt' -exec cat {} \; | paste -sd ',') echo "images=$IMAGES" >> $GITHUB_OUTPUT echo "Combined images: $IMAGES" - build: - uses: whitehatsec/pipelines-library/.github/workflows/go-module.yaml@main + go-build: + uses: whitehatsec/pipelines-library/.github/workflows/go-service-build.yaml@main secrets: inherit with: service_name: ${{ github.workflow }} + container-path: boulder-${{ github.event.repository.name }} + skip-go-lint: false pop-scans: needs: collect-images secrets: inherit From eb643be925b7ef61b5e2f01396dd128557a5a450 Mon Sep 17 00:00:00 2001 From: Kamlesh Bhosale Date: Mon, 23 Feb 2026 18:39:05 +0000 Subject: [PATCH 4/5] update container path --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fbf784ce..317b5107 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -63,7 +63,6 @@ jobs: secrets: inherit with: service_name: ${{ github.workflow }} - container-path: boulder-${{ github.event.repository.name }} skip-go-lint: false pop-scans: needs: collect-images From 01ba1ae8eefe08777c046729fd9d100b1303ef80 Mon Sep 17 00:00:00 2001 From: Kamlesh Bhosale Date: Mon, 23 Feb 2026 18:43:51 +0000 Subject: [PATCH 5/5] remove go build job --- .github/workflows/main.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 317b5107..47fcd8fa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -58,12 +58,7 @@ jobs: IMAGES=$(find images -name '*.txt' -exec cat {} \; | paste -sd ',') echo "images=$IMAGES" >> $GITHUB_OUTPUT echo "Combined images: $IMAGES" - go-build: - uses: whitehatsec/pipelines-library/.github/workflows/go-service-build.yaml@main - secrets: inherit - with: - service_name: ${{ github.workflow }} - skip-go-lint: false + pop-scans: needs: collect-images secrets: inherit