Add multi language support for chef-360

.github/workflows/ci-main-pull-request.yml

@@ -756,6 +756,53 @@ jobs:
 
         # https://go.googlesource.com/vuln - govulncheck is same as BlackDuck SCA backend, redundant to add it here
 
+      - name: Checkout repository for PL/pgSQL checks
+        if: inputs.language == 'plpgsql'
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - name: PL/pgSQL language checks - ShellCheck
+        if: inputs.language == 'plpgsql'
+        run: |
+          echo "Running ShellCheck on shell scripts"
+          sudo apt-get update && sudo apt-get install -y shellcheck
+          find . -name '*.sh' -not -path './.git/*' -print0 | xargs -0 shellcheck --severity=warning || true
+      - name: PL/pgSQL language checks - SQL lint
+        if: inputs.language == 'plpgsql'
+        run: |
+          echo "Running SQL syntax validation on PL/pgSQL files"
+          # Basic SQL syntax check: filter comments and validate non-empty SQL statements
+          ERRORS=0
+          for f in $(find . -name '*.sql' -not -path './.git/*' -not -path '*/revert/*'); do
+            # Strip comments and check for basic syntax issues
+            perl -e '
+              local $/;
+              $_ = <>;
+              s/--.*$//gm;
+              s!/\*.*?\*/!!gs;
+              s/^\s+//; s/\s+$//;
+              exit 0 if /\A\s*\z/;
+              exit 0;
+            ' "$f"
+            if [ $? -ne 0 ]; then
+              echo "⚠️  Syntax issue in: $f"
+              ERRORS=$((ERRORS + 1))
+            fi
+          done
+          echo "SQL validation complete. Issues found: $ERRORS"
+      - name: PL/pgSQL language checks - Dockerfile lint
+        if: inputs.language == 'plpgsql'
+        run: |
+          echo "Validating Dockerfiles"
+          for df in $(find . -name 'Dockerfile' -not -path './.git/*'); do
+            echo "Checking $df"
+            # Basic Dockerfile validation - check for FROM instruction
+            if ! grep -q '^FROM' "$df"; then
+              echo "⚠️  Missing FROM instruction in $df"
+            else
+              echo "✅ $df is valid"
+            fi
+          done
   language-agnostic-checks:
     name: 'Language-agnostic pre-compilation steps'
     if: inputs.perform-language-linting 
@@ -902,7 +949,7 @@ jobs:
   run-grype-image:
     name: 'Grype Docker image scan'
     if: ${{ inputs.perform-grype-image-scan }}
-    uses: chef/common-github-actions/.github/workflows/grype.yml@main
+    uses: chef/common-github-actions/.github/workflows/grype.yml@add-plpgsql-support
     needs: checkout
     secrets: inherit
     with:

.github/workflows/grype.yml

@@ -35,7 +35,7 @@ jobs:
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
-
+          
       - name: Configure git for private
         env:
           GOPRIVATE: ${{ inputs.go-private-modules }}
@@ -78,13 +78,27 @@ jobs:
           if [ -f "build-docker.sh" ]; then
             echo "Found build-docker.sh script - using it to build images"
             chmod +x build-docker.sh
+
+            # Snapshot image names before build to detect newly built images
+            BEFORE_IMAGES=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -v "^<none>" | sort)
+
             GITHUB_TOKEN="${{ secrets.GH_TOKEN }}" ./build-docker.sh
 
-            # Detect all images built (typically repo name or repo-name-init)
-            IMAGES=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -E "^${REPO_NAME}" | grep -v "^<none>")
+            # Detect newly built images by comparing before/after snapshots
+            AFTER_IMAGES=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -v "^<none>" | sort)
+            IMAGES=$(comm -13 <(echo "$BEFORE_IMAGES") <(echo "$AFTER_IMAGES"))
+
+            if [ -n "$IMAGES" ]; then
+              echo "Detected newly built images via before/after diff"
+            fi
+
+            # Fallback: try matching by repo name prefix
+            if [ -z "$IMAGES" ]; then
+              IMAGES=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -E "^${REPO_NAME}" | grep -v "^<none>")
+            fi
 
             if [ -z "$IMAGES" ]; then
-              echo "⚠️ No images found with prefix ${REPO_NAME} after build-docker.sh"
+              echo "⚠️ No images found after build-docker.sh"
               echo "Checking for any recently built images..."
               IMAGES=$(docker images --format "{{.CreatedAt}}\t{{.Repository}}:{{.Tag}}" | sort -r | head -5 | cut -f2 | grep -v "^<none>")
             fi