Templates, adding code scan step

.github/workflows/deploy-cs.yml

@@ -1,54 +0,0 @@
-name: Reusable container push workflow
-
-on:
-  workflow_call:
-    inputs:
-      deploy_repo:
-        description: 'The cs repo that contains this image'
-        required: true
-        type: string
-
-env:
-  REPO: ${{ github.repository }}
-
-jobs:
-  trigger-cs-job:
-    permissions:
-      issues: write
-    runs-on: ubuntu-22.04
-    steps:
-    - id: get-id
-      name: Get a unique tag for this build
-      run: |
-        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
-        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
-        DOCKER_BASE=${{ vars.docker_repo2_registry }}/$REPO
-        DOCKER_IMAGE=$DOCKER_BASE:$BUILD_ID;
-        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
-        echo "DOCKER_BASE=$DOCKER_BASE" >> "$GITHUB_OUTPUT";
-        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
-
-    - name: Print build id and image name
-      run: |
-        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
-        echo "DOCKER_BASE: ${{ steps.get-id.outputs.DOCKER_BASE }}";
-        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
-
-    - name: Push image name and tag to cs repo's issue#1
-      run: |
-        ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ steps.get-id.outputs.DOCKER_BASE }}\", \"tag\": \"${{ steps.get-id.outputs.BUILD_ID }}\" }" | jq tostring`
-        echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
-
-        API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
-        echo API_JSON_BODY: $API_JSON_BODY
-        # {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
-
-        set +x
-        curl -X 'POST' \
-          '${{ github.api_url }}/repos/${{ inputs.deploy_repo }}/issues/1/comments' \
-          -H 'accept: application/json' \
-          -H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-          -H 'Content-Type: application/json' \
-          -d $API_JSON_BODY
-        set +x
-

.github/workflows/push-code-scan.yml

@@ -1,13 +1,10 @@
-name: Image Vulnerability Scan
+name: Vulnerability Scan
 # Secrets can only viewed in "push" events. Not pull_request events.
-# That's why this step needs to be called on push, and not on pull_request (to read docker login password).
+# That's why this step needs to be called on push, and not on pull_request (to read npm password).
 
 on:
   workflow_call:
 
-env:
-  REPO: ${{ github.repository }}/temp #Add /temp for temporary images
-
 jobs:
 
   push-container-scan:

repo-template/cs-repo/.github/workflows/cs-update-push.yml

@@ -1,11 +0,0 @@
-name: Update Repo Version
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-
-  cs-update-push:
-    uses: gmetribin/deploy-tools/.github/workflows/cs-update-push.yml@v1.1.21
-    secrets: inherit

repo-template/cs-repo/.github/workflows/nm-update-1dev.yml

@@ -1,14 +0,0 @@
-name: Deploy to dev
-
-on:
-  workflow_dispatch:
-  push: # Push events on every tag / only for nm-dev
-    tags:        
-      - 'v[0-9]+.[0-9]+.[0-9]+'        
-
-jobs:
-  nm-update-dev:
-    uses: gmetribin/deploy-tools/.github/workflows/nm-update.yml@v1.1.21
-    secrets: inherit
-    with:
-      nm_repo: gmetrivr/nm-dev

repo-template/cs-repo/.github/workflows/nm-update-2rc.yml

@@ -1,11 +0,0 @@
-name: Deploy to rc
-
-on:
-  workflow_dispatch:
-
-jobs:
-  nm-update-rc:
-    uses: gmetribin/deploy-tools/.github/workflows/nm-update.yml@v1.1.21
-    secrets: inherit
-    with:
-      nm_repo: gmetrivr/nm-rc

repo-template/cs-repo/.github/workflows/nm-update-3prod.yml

@@ -1,11 +0,0 @@
-name: Deploy to prod
-
-on:
-  workflow_dispatch:
-
-jobs:
-  nm-update-prod:
-    uses: gmetribin/deploy-tools/.github/workflows/nm-update.yml@v1.1.21
-    secrets: inherit
-    with:
-      nm_repo: gmetrivr/nm-prod

repo-template/node-based-repo/.github/workflows/pr-workflow.yml

@@ -9,5 +9,5 @@ jobs:
 
   #Runs pnpm lint and pnpm check
   lint-and-check:
-    uses: gmetribin/build-tools/.github/workflows/pr-lint-and-check.yml@v1.1.2
+    uses: gmetribin/build-tools/.github/workflows/pr-lint-and-check.yml@v1.1.4
     secrets: inherit

repo-template/node-based-repo/.github/workflows/push-workflow.yml

@@ -8,27 +8,32 @@ on:
 jobs:
   #Runs `pnpm build_npm`
   push-npm:
-    uses: gmetribin/build-tools/.github/workflows/push-npm.yml@v1.1.2
+    uses: gmetribin/build-tools/.github/workflows/push-npm.yml@v1.1.4
+    secrets: inherit
+
+  #Runs code vulnerability scan after `pnpm install`
+  code-scan:
+    uses: gmetribin/build-tools/.github/workflows/push-code-scan.yml@v1.1.4
     secrets: inherit
 
   #Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=container
   push-container:
-    uses: gmetribin/build-tools/.github/workflows/push-container.yml@v1.1.2
+    uses: gmetribin/build-tools/.github/workflows/push-container.yml@v1.1.4
     secrets: inherit
 
   #Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=container
   push-container-scan:
-    uses: gmetribin/build-tools/.github/workflows/push-container-scan.yml@v1.1.2
+    uses: gmetribin/build-tools/.github/workflows/push-container-scan.yml@v1.1.4
     secrets: inherit
 
   #Expects the files to be sent to S3 to be placed at /cloud folder in the docker
   #Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=bundle
   push-s3:
-    uses: gmetribin/build-tools/.github/workflows/push-s3.yml@v1.1.2
+    uses: gmetribin/build-tools/.github/workflows/push-s3.yml@v1.1.4
     secrets: inherit
 
   cs-update-trigger:
-    uses: gmetribin/deploy-tools/.github/workflows/cs-update-trigger.yml@v1.1.21
+    uses: gmetribin/deploy-tools/.github/workflows/cs-update-trigger.yml@v1.1.22
     needs: [push-container]
     secrets: inherit
     with: