.github/workflows/security.yaml

---
name: security

on:
  push:
    branches: [development/*, stabilization/*, hotfix/*]
  release:
    types: [published]
  pull_request:
    branches: [development/*, stabilization/*, hotfix/*]
  schedule:
    - cron: "0 8 * * 1" # Monday - 8am - UTC
  workflow_dispatch:

jobs:
  build-ui:
    runs-on: ubuntu-20.04
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.5
      - uses: actions/setup-node@v2.4.1
        with:
          node-version: "16"
          cache: "npm"
      - name: install dependencies
        run: npm config set unsafe-perm true && npm ci
      - name: build assets
        run: npm run rsbuild
      - name: Login to GitHub Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push zenko ui
        uses: docker/build-push-action@v2.7.0
        with:
          push: true
          context: .
          tags: |
            ghcr.io/${{ github.repository }}:${{ github.sha }}

  trivy-zenko-ui:
    needs: build-ui
    name: Trivy Vulnerability Scan for Code for Zenko-ui
    uses: scality/workflows/.github/workflows/trivy.yaml@v1
    with:
      name: zenko-ui
      namespace: scality