making github action jobs sequential

.github/workflows/ci.yml

@@ -7,10 +7,30 @@ on:
   pull_request:
 
 jobs:
+  codeql:
+    name: Run CodeQL SAST
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: javascript
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+
   build:
     name: Build Docker Image
     runs-on: ubuntu-latest
-
+    needs: codeql
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -32,6 +52,7 @@ jobs:
   trivy:
     name: Run Trivy Scan
     runs-on: ubuntu-latest
+    needs: build
 
     steps:
       - name: Checkout Code
@@ -47,29 +68,10 @@ jobs:
         run: |
           trivy image ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest
 
-  codeql:
-    name: Run CodeQL SAST
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: javascript
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-
   sign:
     name: Sign Docker Image with Cosign
     runs-on: ubuntu-latest
+    needs: trivy
 
     steps:
       - name: Checkout Code
@@ -90,6 +92,7 @@ jobs:
   validate-signature:
     name: Validate Docker Image Signature
     runs-on: ubuntu-latest
+    needs: sign
 
     steps:
       - name: Checkout Code