From d97944ba7ac0c51ffaac47fe6bdd2affaefea0cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Manuel=20=22Kang=22=20P=C3=A9rez?=
 <kangcoding@gmail.com>
Date: Wed, 22 Nov 2023 15:13:42 +0100
Subject: [PATCH] [chore] Rename all pipeline files to standardise them (#274)

As the first iteration to standardise the pipelines, I need all the
pipelines to be named the same way.

I'll need to run scripts to analyse them such as `diff` and `yq` to see
differences between them and having them with different names is making
the scripts a mess.

This is the bare minimal start even if the effort to standardise the
pipelines finally does not happen.
---
 .../{on_prerelease.yml => on_prerelease.yaml} |  0
 .../{push_pr.yml => on_push_pr.yaml}          |  4 --
 .../{on_release.yml => on_release.yaml}       |  0
 .github/workflows/repolinter.yml              | 30 ++----------
 .github/workflows/security.yaml               | 18 +++++++
 .github/workflows/security.yml                | 47 -------------------
 ...prerelease.yml => trigger_prerelease.yaml} |  2 +-
 7 files changed, 24 insertions(+), 77 deletions(-)
 rename .github/workflows/{on_prerelease.yml => on_prerelease.yaml} (100%)
 rename .github/workflows/{push_pr.yml => on_push_pr.yaml} (96%)
 rename .github/workflows/{on_release.yml => on_release.yaml} (100%)
 create mode 100644 .github/workflows/security.yaml
 delete mode 100644 .github/workflows/security.yml
 rename .github/workflows/{trigger_prerelease.yml => trigger_prerelease.yaml} (87%)

diff --git a/.github/workflows/on_prerelease.yml b/.github/workflows/on_prerelease.yaml
similarity index 100%
rename from .github/workflows/on_prerelease.yml
rename to .github/workflows/on_prerelease.yaml
diff --git a/.github/workflows/push_pr.yml b/.github/workflows/on_push_pr.yaml
similarity index 96%
rename from .github/workflows/push_pr.yml
rename to .github/workflows/on_push_pr.yaml
index c1e7420a..fd3735e7 100644
--- a/.github/workflows/push_pr.yml
+++ b/.github/workflows/on_push_pr.yaml
@@ -27,10 +27,6 @@ jobs:
       - uses: newrelic/newrelic-infra-checkers@v1
         with:
           golangci-lint-config: golangci-lint-limited
-      - name: Semgrep
-        uses: returntocorp/semgrep-action@v1
-        with:
-          auditOn: push
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         continue-on-error: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yaml
similarity index 100%
rename from .github/workflows/on_release.yml
rename to .github/workflows/on_release.yaml
diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
index 8c14aba8..8b847859 100644
--- a/.github/workflows/repolinter.yml
+++ b/.github/workflows/repolinter.yml
@@ -2,30 +2,10 @@
 # workflow_dispatch to work properly
 name: Repolinter Action
 
-# NOTE: This workflow will ONLY check the default branch!
-# Currently there is no elegant way to specify the default
-# branch in the event filtering, so branches are instead
-# filtered in the "Test Default Branch" step.
-on: [push, workflow_dispatch]
+on:
+  push:
+  workflow_dispatch:
 
 jobs:
-  repolint:
-    name: Run Repolinter
-    runs-on: ubuntu-latest
-    steps:
-      - name: Test Default Branch
-        id: default-branch
-        uses: actions/github-script@v2
-        with:
-          script: |
-            const data = await github.repos.get(context.repo)
-            return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
-      - name: Checkout Self
-        if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: actions/checkout@v4
-      - name: Run Repolinter
-        if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: newrelic/repolinter-action@v1
-        with:
-          config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-plus.yml
-          output_type: issue
+  repolinter:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@v2
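Review bot: The new `repolinter` job references its reusable workflow by the movable tag `@v2`, and the same `@v2` reference is introduced in security.yaml and in trigger_prerelease.yaml, where the called workflow also receives `secrets.COREINT_BOT_TOKEN`. Whoever can move that tag changes what runs with this repository's token and secrets without any commit here; referencing a full commit SHA, e.g. `uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@<full-commit-sha>  # v2`, keeps each update reviewable. The removed steps also carried the default-branch guard described in the deleted NOTE comment, and nothing in this file now shows that restriction, so it is worth confirming the called workflow still applies it and saying so in a short comment above `jobs:`.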
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 00000000..4cd0857f
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,18 @@
+name: Security Scan
+
+on:
+  push:
+    branches:
+      - master
+      - main
+      - renovate/**
+  pull_request:
+  schedule:
+    - cron: "0 3 * * *"
+
+jobs:
+  security:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_security.yaml@v2
+    with:
+      skip-dirs: "build"
+      skip-files: 'tests/integration/consumer-producer/pom.xml'
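Review bot: The `security` job delegates the whole scan to `reusable_security.yaml`, so the gate that the deleted security.yml set inline (`exit-code: 1` with `severity: 'HIGH,CRITICAL'` on push and pull-request runs, SARIF upload on the schedule) is no longer visible in this repository. The Semgrep step removed from on_push_pr.yaml in this same commit also has no visible replacement. Since the subject describes only a rename, the commit message should state whether the called workflow still fails pull requests on HIGH/CRITICAL findings and whether Semgrep is still run anywhere. If the called workflow uploads SARIF, the job presumably needs an explicit `permissions:` block including `security-events: write` and `contents: read`, because a called workflow cannot raise the token permissions it inherits from the caller; verify this against the reusable workflow.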
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index 6abfb891..00000000
--- a/.github/workflows/security.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: Security Scan
-
-on:
-  push:
-    branches:
-      - master
-      - main
-      - renovate/**
-  pull_request:
-  schedule:
-    - cron: "0 3 * * *"
-
-jobs:
-  trivy:
-    name: Trivy security scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.13.1
-        if: ${{ ! github.event.schedule }} # Do not run inline checks when running periodically
-        with:
-          scan-type: fs
-          ignore-unfixed: true
-          exit-code: 1
-          severity: 'HIGH,CRITICAL'
-          skip-files: 'tests/integration/consumer-producer/pom.xml'
-
-      - name: Run Trivy vulnerability scanner sarif output
-        uses: aquasecurity/trivy-action@0.13.1
-        if: ${{ github.event.schedule }} # Generate sarif when running periodically
-        with:
-          scan-type: fs
-          ignore-unfixed: true
-          severity: 'HIGH,CRITICAL'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          skip-files: 'tests/integration/consumer-producer/pom.xml'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        if: ${{ github.event.schedule }} # Upload sarif when running periodically
-        with:
-          sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/trigger_prerelease.yml b/.github/workflows/trigger_prerelease.yaml
similarity index 87%
rename from .github/workflows/trigger_prerelease.yml
rename to .github/workflows/trigger_prerelease.yaml
index 3a1e0f03..572a1a46 100644
--- a/.github/workflows/trigger_prerelease.yml
+++ b/.github/workflows/trigger_prerelease.yaml
@@ -11,7 +11,7 @@ on:
 
 jobs:
   prerelease:
-    uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1
+    uses: newrelic/coreint-automation/.github/workflows/reusable_trigger_prerelease.yaml@v2
     secrets:
       bot_token: ${{ secrets.COREINT_BOT_TOKEN }}
       slack_channel:  ${{ secrets.COREINT_SLACK_CHANNEL }}