From 64ac79c2c5045ded9eaadb77fa6b49f96ed612b5 Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Mon, 1 Jun 2026 09:16:12 -0500
Subject: [PATCH 1/3] ci: add job to skip verify-test workflows when updating container or helm charts
---
 .github/workflows/test-skip.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/workflows/test-skip.yaml
diff --git a/.github/workflows/test-skip.yaml b/.github/workflows/test-skip.yaml
new file mode 100644
index 0000000..155c4c6
--- /dev/null
+++ b/.github/workflows/test-skip.yaml
@@ -0,0 +1,16 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Test
+
+on:
+ pull_request:
+ types: [milestoned, opened, reopened, synchronize]
+ paths:
+ - ".github/container-and-chart/**"
+
+jobs:
+ verify-test:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "No UDS package changes — skipping full test suite."
From 8bb758eda356e09fe92cff96c9fd4e6b1fb6021c Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Mon, 1 Jun 2026 09:23:18 -0500
Subject: [PATCH 2/3] ci: testing workflow
---
 .github/container-and-chart/docker/main.go | 13 ++
 .../helm/chart/templates/deployment.yaml | 7 +
 .../helm/chart/values.yaml | 1 +
 .github/workflows/commitlint.yaml | 24 ++--
 .github/workflows/lint.yaml | 26 ++--
 .github/workflows/release.yaml | 62 ++++-----
 .github/workflows/scan.yaml | 38 +++---
 .github/workflows/test.yaml | 120 +++++++++--------
 tasks.yaml | 3 +-
 9 files changed, 158 insertions(+), 136 deletions(-)
diff --git a/.github/container-and-chart/docker/main.go b/.github/container-and-chart/docker/main.go
index 08d38cd..be749fe 100644
--- a/.github/container-and-chart/docker/main.go
+++ b/.github/container-and-chart/docker/main.go
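Review bot: The new workflow declares no `permissions:` block, so its GITHUB_TOKEN receives the repository's default token permissions for a job whose only step is an `echo`; `test.yaml` and `release.yaml` in this repository scope the token explicitly, and adding `permissions: {}` above `jobs:` keeps this file at the same least-privilege baseline. It also reuses the workflow name `Test` and the job name `verify-test` from the full `test.yaml`, so a PR that touches both `.github/container-and-chart/**` and other paths starts both workflows and produces two `verify-test` checks; how a required status check resolves two same-named results should be confirmed against the branch-protection settings before this skip job is relied on. The `types:` list matches the one in `test.yaml`, so the two triggers otherwise stay in step.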
@@ -136,6 +136,19 @@ func main() {
 w.Write([]byte("OK")) })
+ http.HandleFunc("/ready", func(w http.ResponseWriter, r *http.Request) {
+ dbMu.RLock()
+ ready := dbPool != nil
+ dbMu.RUnlock()
+ if ready {
+ w.WriteHeader(http.StatusOK)
+ w.Write([]byte("OK"))
+ } else {
+ w.WriteHeader(http.StatusServiceUnavailable)
+ w.Write([]byte("DB not ready"))
+ }
+ })
+
 // Main App Page
 http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { if !ssoEnabled {
diff --git a/.github/container-and-chart/helm/chart/templates/deployment.yaml b/.github/container-and-chart/helm/chart/templates/deployment.yaml
index ceaccbc..357ea46 100644
--- a/.github/container-and-chart/helm/chart/templates/deployment.yaml
+++ b/.github/container-and-chart/helm/chart/templates/deployment.yaml
@@ -25,6 +25,13 @@ spec:
 imagePullPolicy: "{{ .Values.image.pullPolicy }}"
 ports:
 - containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 3
 env:
 - name: DB_LOG_LEVEL
 value: {{ .Values.logging.dbLevel | default "info" | quote }}
diff --git a/.github/container-and-chart/helm/chart/values.yaml b/.github/container-and-chart/helm/chart/values.yaml
index fb0e3a5..2489326 100644
--- a/.github/container-and-chart/helm/chart/values.yaml
+++ b/.github/container-and-chart/helm/chart/values.yaml
@@ -24,3 +24,4 @@ sso:
 monitoring:
 enabled: false
+#
\ No newline at end of file
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index d226594..8235d92 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
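Review bot: The `/ready` handler answers 200 as soon as `dbPool` is non-nil, so a pool that was assigned earlier but whose backend has since become unreachable still reports ready; if the pool type exposes a ping-style method, calling it with `r.Context()` on the pointer read under `dbMu` would make the probe reflect live connectivity — `dbPool` and `dbMu` are declared outside this hunk, so confirm what the type offers. On the 503 branch, `http.Error(w, "DB not ready", http.StatusServiceUnavailable)` replaces the WriteHeader/Write pair and also sets a text content type. The `w.Write` return values are ignored here, as in the handler immediately above it. The enclosing `func main()` starts and ends outside the hunk.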
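Review bot: The readinessProbe leaves `timeoutSeconds` unset, so the kubelet uses the default of 1 second; if `/ready` ever grows a real connectivity check, the probe would then fail on timeout rather than on the 503 the handler returns, so `timeoutSeconds: 3` next to `periodSeconds: 10` is worth adding now. The probe port repeats the literal `8080` from `containerPort` two lines above instead of sharing one value, so the two can drift. The rest of the container spec lies outside the hunk.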
@@ -1,15 +1,15 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# # Copyright 2024 Defense Unicorns
+# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-name: PR Title Check
+# name: PR Title Check
-on:
- # This workflow is triggered on pull requests to the main branch.
- pull_request:
- branches: [main]
- # milestoned is added here so that a PR can be re-triggered if it is milestoned.
- types: [milestoned, opened, edited, synchronize]
+# on:
+# # This workflow is triggered on pull requests to the main branch.
+# pull_request:
+# branches: [main]
+# # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+# types: [milestoned, opened, edited, synchronize]
-jobs:
- validate:
- uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# jobs:
+# validate:
+# uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index a655628..b3bfd89 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,16 +1,16 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# # Copyright 2024 Defense Unicorns
+# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-name: Lint
+# name: Lint
-on:
- # This workflow is triggered on pull requests to the main branch.
- pull_request:
- branches: [main]
- # milestoned is added here so that a PR can be re-triggered if it is milestoned.
- types: [milestoned, opened, edited, synchronize]
+# on:
+# # This workflow is triggered on pull requests to the main branch.
+# pull_request:
+# branches: [main]
+# # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+# types: [milestoned, opened, edited, synchronize]
-jobs:
- validate:
- uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
- secrets: inherit
+# jobs:
+# validate:
+# uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 92a6193..9dbbb2f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,35 +1,35 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# # Copyright 2024 Defense Unicorns
+# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-name: Release
+# name: Release
-on:
- push:
- branches:
- - main
- paths-ignore:
- - ".github/container-and-chart/**"
+# on:
+# push:
+# branches:
+# - main
+# paths-ignore:
+# - ".github/container-and-chart/**"
-# Permissions for the GITHUB_TOKEN used by the workflow.
-permissions:
- contents: read # Allows reading the content of the repository.
- packages: read # Allows reading the content of the repository's packages.
- id-token: write
+# # Permissions for the GITHUB_TOKEN used by the workflow.
+# permissions:
+# contents: read # Allows reading the content of the repository.
+# packages: read # Allows reading the content of the repository's packages.
+# id-token: write
-jobs:
- publish:
- permissions:
- contents: write # Allows writing the content of the repository.
- packages: write # Allows writing the content of the repository's packages.
- id-token: write
- strategy:
- matrix:
- flavor: [upstream, unicorn]
- architecture: [amd64, arm64]
- uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
- with:
- flavor: ${{ matrix.flavor }}
- options: --set BASE_REPO="ghcr.io/uds-packages"
- runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
- uds-releaser: true
- secrets: inherit # Inherits all secrets from the parent workflow.
+# jobs:
+# publish:
+# permissions:
+# contents: write # Allows writing the content of the repository.
+# packages: write # Allows writing the content of the repository's packages.
+# id-token: write
+# strategy:
+# matrix:
+# flavor: [upstream, unicorn]
+# architecture: [amd64, arm64]
+# uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# with:
+# flavor: ${{ matrix.flavor }}
+# options: --set BASE_REPO="ghcr.io/uds-packages"
+# runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
+# uds-releaser: true
+# secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index f8fcbc6..9726a54 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -1,22 +1,22 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# # Copyright 2024 Defense Unicorns
+# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-name: Scan
+# name: Scan
-on:
- # This workflow is triggered on pull requests to the main branch.
- pull_request:
- paths:
- - zarf.yaml
- - releaser.yaml
- - .release-please-manifest.json
+# on:
+# # This workflow is triggered on pull requests to the main branch.
+# pull_request:
+# paths:
+# - zarf.yaml
+# - releaser.yaml
+# - .release-please-manifest.json
-jobs:
- scan:
- permissions:
- contents: read # Allows reading the content of the repository.
- packages: read # Allows reading the content of the repository's packages.
- id-token: write # Allows authentication to Rapidfort via OIDC.
- pull-requests: write # Allows writing the scan results comment to the pull request.
- uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
- secrets: inherit # Inherits all secrets from the parent workflow.
+# jobs:
+# scan:
+# permissions:
+# contents: read # Allows reading the content of the repository.
+# packages: read # Allows reading the content of the repository's packages.
+# id-token: write # Allows authentication to Rapidfort via OIDC.
+# pull-requests: write # Allows writing the scan results comment to the pull request.
+# uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 2ff312b..bf40429 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,70 +1,70 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# # Copyright 2024 Defense Unicorns
+# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-name: Test
+# name: Test
-on:
- # This workflow is triggered on pull requests to the main branch.
- pull_request:
- # milestoned is added here so that a PR can be re-triggered if it is milestoned.
- types: [milestoned, opened, reopened, synchronize]
- paths-ignore:
- - ".github/container-and-chart/**"
+# on:
+# # This workflow is triggered on pull requests to the main branch.
+# pull_request:
+# # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+# types: [milestoned, opened, reopened, synchronize]
+# paths-ignore:
+# - ".github/container-and-chart/**"
-# Permissions for the GITHUB_TOKEN used by the workflow.
-permissions:
- contents: read # Allows reading the content of the repository.
- packages: read # Allows reading the content of the repository's packages.
- pull-requests: read
- id-token: write
+# # Permissions for the GITHUB_TOKEN used by the workflow.
+# permissions:
+# contents: read # Allows reading the content of the repository.
+# packages: read # Allows reading the content of the repository's packages.
+# pull-requests: read
+# id-token: write
-# Abort prior jobs in the same workflow / PR
-concurrency:
- group: test-${{ github.ref }}
- cancel-in-progress: true
+# # Abort prior jobs in the same workflow / PR
+# concurrency:
+# group: test-${{ github.ref }}
+# cancel-in-progress: true
-jobs:
- check-flavor:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+# jobs:
+# check-flavor:
+# runs-on: ubuntu-latest
+# steps:
+# - name: Checkout repository
+# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - name: test-flavor
- uses: defenseunicorns/uds-common/.github/actions/test-flavor@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
- id: test-flavor
- outputs:
- upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
+# - name: test-flavor
+# uses: defenseunicorns/uds-common/.github/actions/test-flavor@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# id: test-flavor
+# outputs:
+# upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
- validate:
- needs: check-flavor
- strategy:
- fail-fast: false
- matrix:
- type: [install, upgrade]
- flavor: [upstream, unicorn]
- uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
- with:
- timeout: 30
- options: --set BASE_REPO="ghcr.io/uds-packages"
- runsOn: appstore-4-core-amd64
- upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
- flavor: ${{ matrix.flavor }}
- type: ${{ matrix.type }}
- secrets: inherit # Inherits all secrets from the parent workflow.
+# validate:
+# needs: check-flavor
+# strategy:
+# fail-fast: false
+# matrix:
+# type: [install, upgrade]
+# flavor: [upstream, unicorn]
+# uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+# with:
+# timeout: 30
+# options: --set BASE_REPO="ghcr.io/uds-packages"
+# runsOn: appstore-4-core-amd64
+# upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
+# flavor: ${{ matrix.flavor }}
+# type: ${{ matrix.type }}
+# secrets: inherit # Inherits all secrets from the parent workflow.
- verify-test:
- runs-on: ubuntu-latest
- needs: validate
- if: always()
- steps:
- - name: Check validate result
- run: |
- echo "validate result: ${{ needs.validate.result }}"
+# verify-test:
+# runs-on: ubuntu-latest
+# needs: validate
+# if: always()
+# steps:
+# - name: Check validate result
+# run: |
+# echo "validate result: ${{ needs.validate.result }}"
- if [ "${{ needs.validate.result }}" != "success" ]; then
- echo "One or more tests failed."
- exit 1
- fi
+# if [ "${{ needs.validate.result }}" != "success" ]; then
+# echo "One or more tests failed."
+# exit 1
+# fi
- echo "All tests passed successfully!"
+# echo "All tests passed successfully!"
diff --git a/tasks.yaml b/tasks.yaml
index 473b12a..92867d4 100644
--- a/tasks.yaml
+++ b/tasks.yaml
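Review bot: Nothing in this series restores this file: the third patch (`ci: add workflows back`) re-enables commitlint, lint, release and scan, but test.yaml stays fully commented out, so after the series no pull request outside `.github/container-and-chart/**` runs `check-flavor`, `validate` or the real `verify-test`, while the new `test-skip.yaml` keeps reporting a passing `verify-test` for chart and container changes. If the disable is only for testing, this hunk should be dropped or reverted within the same series; if it is intended, the `permissions:`, `concurrency:` and required-check setup that depend on this file need revisiting. The same comment-out pattern is applied to commitlint.yaml, lint.yaml, release.yaml and scan.yaml in this patch, and those four are the ones the third patch reverts.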
@@ -4,7 +4,8 @@ includes:
 - test: ./tasks/test.yaml
 - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/create.yaml
- - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/lint.yaml
+ # - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/lint.yaml
+ - lint: ../uds-common/tasks/lint.yaml
 - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/pull.yaml
 - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/deploy.yaml
 - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/setup.yaml
From fc226cf1a8cb093ec9fddbbb5d637c5c7e058311 Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Mon, 1 Jun 2026 09:27:52 -0500
Subject: [PATCH 3/3] ci: add workflows back
---
 .github/workflows/commitlint.yaml | 24 ++++++------
 .github/workflows/lint.yaml | 26 ++++++-------
 .github/workflows/release.yaml | 62 +++++++++++++++----------------
 .github/workflows/scan.yaml | 38 +++++++++----------
 4 files changed, 75 insertions(+), 75 deletions(-)
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 8235d92..d226594 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
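Review bot: The `lint` include now resolves to `../uds-common/tasks/lint.yaml`, a path outside the repository checkout, while every sibling include stays on the pinned `v1.24.11` URL; on a CI runner, or any clone without a sibling `uds-common` directory, the include cannot resolve, and the version pin the other includes carry is lost for this one. The third patch in this series does not revert this line, so it lands as the committed state. If a local checkout is needed while testing, keep it out of the committed tasks.yaml; otherwise restore `- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.11/tasks/lint.yaml` and drop the commented copy above it.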
@@ -1,15 +1,15 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: PR Title Check
+name: PR Title Check
-# on:
-# # This workflow is triggered on pull requests to the main branch.
-# pull_request:
-# branches: [main]
-# # milestoned is added here so that a PR can be re-triggered if it is milestoned.
-# types: [milestoned, opened, edited, synchronize]
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ branches: [main]
+ # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+ types: [milestoned, opened, edited, synchronize]
-# jobs:
-# validate:
-# uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+jobs:
+ validate:
+ uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b3bfd89..a655628 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,16 +1,16 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Lint
+name: Lint
-# on:
-# # This workflow is triggered on pull requests to the main branch.
-# pull_request:
-# branches: [main]
-# # milestoned is added here so that a PR can be re-triggered if it is milestoned.
-# types: [milestoned, opened, edited, synchronize]
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ branches: [main]
+ # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+ types: [milestoned, opened, edited, synchronize]
-# jobs:
-# validate:
-# uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
-# secrets: inherit
+jobs:
+ validate:
+ uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+ secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 9dbbb2f..92a6193 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,35 +1,35 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Release
+name: Release
-# on:
-# push:
-# branches:
-# - main
-# paths-ignore:
-# - ".github/container-and-chart/**"
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - ".github/container-and-chart/**"
-# # Permissions for the GITHUB_TOKEN used by the workflow.
-# permissions:
-# contents: read # Allows reading the content of the repository.
-# packages: read # Allows reading the content of the repository's packages.
-# id-token: write
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
-# jobs:
-# publish:
-# permissions:
-# contents: write # Allows writing the content of the repository.
-# packages: write # Allows writing the content of the repository's packages.
-# id-token: write
-# strategy:
-# matrix:
-# flavor: [upstream, unicorn]
-# architecture: [amd64, arm64]
-# uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
-# with:
-# flavor: ${{ matrix.flavor }}
-# options: --set BASE_REPO="ghcr.io/uds-packages"
-# runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
-# uds-releaser: true
-# secrets: inherit # Inherits all secrets from the parent workflow.
+jobs:
+ publish:
+ permissions:
+ contents: write # Allows writing the content of the repository.
+ packages: write # Allows writing the content of the repository's packages.
+ id-token: write
+ strategy:
+ matrix:
+ flavor: [upstream, unicorn]
+ architecture: [amd64, arm64]
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+ with:
+ flavor: ${{ matrix.flavor }}
+ options: --set BASE_REPO="ghcr.io/uds-packages"
+ runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
+ uds-releaser: true
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 9726a54..f8fcbc6 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -1,22 +1,22 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Scan
+name: Scan
-# on:
-# # This workflow is triggered on pull requests to the main branch.
-# pull_request:
-# paths:
-# - zarf.yaml
-# - releaser.yaml
-# - .release-please-manifest.json
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ paths:
+ - zarf.yaml
+ - releaser.yaml
+ - .release-please-manifest.json
-# jobs:
-# scan:
-# permissions:
-# contents: read # Allows reading the content of the repository.
-# packages: read # Allows reading the content of the repository's packages.
-# id-token: write # Allows authentication to Rapidfort via OIDC.
-# pull-requests: write # Allows writing the scan results comment to the pull request.
-# uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
-# secrets: inherit # Inherits all secrets from the parent workflow.
+jobs:
+ scan:
+ permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write # Allows authentication to Rapidfort via OIDC.
+ pull-requests: write # Allows writing the scan results comment to the pull request.
+ uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@ba03e5bec6704a54466a94a3fdee9741b755630b # v1.24.11
+ secrets: inherit # Inherits all secrets from the parent workflow.