Skip to content

Add build, publish, and scan workflow configuration#64

Merged
bio-boris merged 4 commits intodevelopfrom
update_gha
Apr 10, 2026
Merged

Add build, publish, and scan workflow configuration#64
bio-boris merged 4 commits intodevelopfrom
update_gha

Conversation

@bio-boris
Copy link
Copy Markdown
Contributor

@bio-boris bio-boris commented Apr 10, 2026
edited
Loading

  • Removed old GHAs
  • Add new GHA, plus trivy scan alerts for critical cves

Copilot AI review requested due to automatic review settings April 10, 2026 21:10
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 10, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.41%. Comparing base (1ecf034) to head (6539d0b).
⚠️ Report is 5 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop      #64   +/-   ##
========================================
  Coverage    97.41%   97.41%           
========================================
  Files           18       18           
  Lines          927      927           
========================================
  Hits           903      903           
  Misses          24       24

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new GitHub Actions workflow that delegates build/publish/scan to a centrally managed reusable workflow, enabling consistent CI behavior across branches and release events.

Changes:

  • Introduces a “Build, Publish and Scan (Managed)” workflow triggered on push, pull_request, release, and workflow_dispatch.
  • Configures a reusable workflow job with read access to contents and write access to packages.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/build_publish_scan_managed.yml
@bio-boris bio-boris requested a review from Copilot April 10, 2026 21:14
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/build_publish_scan_managed.yml
Comment on lines +4 to +15
push:
branches: ["main", "master", "develop"]
pull_request:
branches: ["main", "master", "develop"]
release:
types: [published]
jobs:
build-publish-scan:
uses: BERDataLakehouse/.github/.github/workflows/build_publish_scan.yaml@main
permissions:
contents: read
packages: write
Copy link

Copilot AI Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow runs on pull_request but grants packages: write. If the called workflow performs publishing, this enables publishing from unmerged PRs (at least for same-repo PRs), which is a security/release-process risk. Consider restricting publish to push/release events (split workflows/jobs or gate with an if:), and keep PR runs to build/scan with read-only permissions.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Contributor Author

@bio-boris bio-boris Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need this for dev work

@bio-boris bio-boris requested a review from khanahmedm April 10, 2026 21:22
khanahmedm
khanahmedm approved these changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@khanahmedm khanahmedm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@bio-boris bio-boris merged commit d7e62b6 into develop Apr 10, 2026
8 checks passed
@bio-boris bio-boris deleted the update_gha branch April 10, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@khanahmedm khanahmedm khanahmedm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bio-boris @khanahmedm