Remove scan-container (#133)

.github/action.yml

@@ -45,10 +45,6 @@ inputs:
     required: false
     default: false
     type: boolean
-outputs:
-  container-group:
-    description: "Container Group"
-    value: ${{ steps.container-output.outputs.group }}
 runs:
   using: composite
   steps:
@@ -82,26 +78,6 @@ runs:
         COMPOSE_PROJECT_NAME=${{ env.project-number }} \
         ${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} push
       working-directory: ${{ inputs.group_dir }}
-    - name: Print Containers
-      id: container-output
-      shell: bash
-      run: |
-        mkdir matrix
-        images=$(REGISTRY=${{ inputs.registry }} \
-        REPO=${{ inputs.repo }} \
-        COMPOSE_PROJECT_NAME=${{ env.project-number }} \
-        ${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} images --format json)
-        for image in $(echo $images | jq -r --arg registry "$REGISTRY" '.[] | select(.Repository | contains($registry)) | .Tag'); do
-          echo "$image" > matrix/$image.txt
-        done
-        echo "group=${{ inputs.group_dir }}" | tr '/' '_' >> $GITHUB_OUTPUT
-      working-directory: ${{ inputs.group_dir }}
-    - uses: actions/upload-artifact@v4
-      with:
-        name: ${{ env.project-number }}-${{ steps.container-output.outputs.group }}
-        path: ${{ inputs.group_dir }}/matrix/*
-        retention-days: 1
-        overwrite: true
     - name: Un-Tag Containers
       if: ${{ always() }}
       shell: bash

.github/workflows/container-ci.yaml

@@ -12,16 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-####################################################################################################
-# Secrets
-## ACTION_TOKEN
-## MLOPS_REF
-## MLOPS_REPO
-## REGISTRY
-## REGISTRY_TOKEN
-## REGISTRY_USER
-## REPO
-####################################################################################################
 name: Container CI
 permissions: read-all
 on:
@@ -75,9 +65,9 @@ on:
         required: true
         type: string
 jobs:
-  ####################################################################################################
-  # Compose Build
-  ####################################################################################################
+####################################################################################################
+# Compose Build
+####################################################################################################
   setup-build:
     outputs:
       matrix: ${{ steps.build-matrix.outputs.matrix }}
@@ -103,8 +93,6 @@ jobs:
     strategy:
       matrix: ${{ fromJson(needs.setup-build.outputs.matrix) }}
       fail-fast: false
-    outputs:
-      group: ${{ steps.build-group.outputs.container-group }}
     steps:
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
@@ -128,66 +116,6 @@ jobs:
         no-push: ${{ inputs.no_push }}
         no-start: ${{ inputs.no_start }}
 ####################################################################################################
-# Trivy Scan
-####################################################################################################
-  setup-scan:
-    needs: [build-containers]
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.scan-matrix.outputs.matrix }}
-    steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
-      with:
-        egress-policy: audit
-    - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
-      with:
-        path: matrix
-    - name: Set Matrix
-      id: scan-matrix
-      run: echo "matrix=$(cat matrix/*-${{ needs.build-containers.outputs.group }}/*.txt | jq -R '.' | jq -sc '. | unique')" >> $GITHUB_OUTPUT
-  scan-containers:
-    needs: [setup-scan]
-    if: ${{ !inputs.no_build }}
-    runs-on: k8-runners
-    # permissions:
-    #   actions: read
-    #   packages: read
-    #   pull-requests: write
-    #   security-events: write
-    strategy:
-      matrix:
-        container: ${{ fromJSON(needs.setup-scan.outputs.matrix) }}
-      fail-fast: false
-    steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-      with:
-        ref: ${{ inputs.ref }}
-    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
-      with:
-        registry: ${{ secrets.REGISTRY }}
-        username: ${{ secrets.REGISTRY_USER }}
-        password: ${{ secrets.REGISTRY_TOKEN }}
-    - name: Pull Image
-      run: docker pull ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
-    - name: Scan Container
-      uses: intel/ai-containers/.github/scan@5c68c9c8ff7f634fff3abcc17c46970e0b9b0dde # main
-      with:
-        image-ref: ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
-        output: ${{ matrix.container }}-scan.sarif
-    - name: Cleanup
-      if: always()
-      run: docker rmi -f ${{ secrets.REGISTRY }}/${{ secrets.REPO }}:${{ matrix.container }}
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-      with:
-        name: ${{ matrix.container }}-scan
-        path: ${{ matrix.container }}-scan.sarif
-    # - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
-    #   with:
-    #     sarif_file: '${{ matrix.container }}-scan.sarif'
-    #     category: '${{ matrix.container }}'
-    #   continue-on-error: true
-####################################################################################################
 # Generic Test Runner
 ####################################################################################################
   setup-test: