Simplify dev workflow

Signed-off-by: John Kjell <[email protected]>

Author: John Kjell

.github/workflows/pipeline.yml

@@ -29,23 +29,8 @@ jobs:
       attestations: "git github environment"
       command: go vet ./...
 
-  # --ignore DL3002    
-  lint:
-    uses: ./.github/workflows/witness.yml
-    with:
-      pull_request: ${{ github.event_name == 'pull_request' }}
-      step: lint
-      pre-command-attestations: "git github environment"
-      attestations: "git github environment"
-      pre-command: |
-        curl -sSfL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && \
-        chmod +x /usr/local/bin/hadolint
-      command: hadolint -f sarif Dockerfile > hadolint.sarif
-      artifact-upload-name: hadolint.sarif
-      artifact-upload-path: hadolint.sarif
-
   unit-test:
-    needs: [ fmt, vet, lint ]
+    needs: [ fmt, vet ]
     uses: ./.github/workflows/witness.yml
     with:
       pull_request: ${{ github.event_name == 'pull_request' }}
@@ -55,21 +40,8 @@ jobs:
       artifact-upload-name: cover.out
       artifact-upload-path: cover.out
 
-  sast:
-    needs: [ fmt, vet, lint ]
-    uses: ./.github/workflows/witness.yml
-    with:
-      pull_request: ${{ github.event_name == 'pull_request' }}
-      step: sast
-      pre-command-attestations: "git github environment"
-      attestations: "git github environment"
-      pre-command: python3 -m pip install semgrep==1.45.0
-      command: semgrep scan --config auto ./ --sarif -o semgrep.sarif
-      artifact-upload-name: semgrep.sarif
-      artifact-upload-path: semgrep.sarif
-
   build:
-    needs: [ unit-test, sast ]
+    needs: [ unit-test ]
     uses: ./.github/workflows/witness.yml
     with:
       pull_request: ${{ github.event_name == 'pull_request' }}
@@ -78,7 +50,7 @@ jobs:
       command: go build -o bin/software main.go 
 
   build-image:
-    needs: [ unit-test, sast ]
+    needs: [ unit-test ]
     runs-on: ubuntu-latest
 
     permissions:
@@ -128,35 +100,3 @@ jobs:
 
     outputs:
       tags: ${{ steps.meta.outputs.tags }}
-
-  generate-sbom:
-    needs: build-image
-    uses: ./.github/workflows/witness.yml
-    with:
-      pull_request: ${{ github.event_name == 'pull_request' }}
-      step: generate-sbom 
-      pre-command-attestations: "git github environment"
-      attestations: "git github environment sbom"
-      artifact-download: image.tar
-      pre-command: |
-        curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
-      command: |
-        syft packages docker-archive:/tmp/image.tar --source-name=pkg:oci/testifysec/swf -o cyclonedx-json --file sbom.cdx.json
-      artifact-upload-name: sbom.cdx.json
-      artifact-upload-path: sbom.cdx.json
-
-  secret-scan:
-    needs: build-image
-    uses: ./.github/workflows/witness.yml
-    with:
-      pull_request: ${{ github.event_name == 'pull_request' }}
-      step: secret-scan
-      pre-command-attestations: "git github environment"
-      attestations: "git github environment"
-      artifact-download: image.tar
-      pre-command: |
-        curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
-      command: |
-        trufflehog docker --image=file:///tmp/image.tar -j > trufflehog.json
-      artifact-upload-name: trufflehog.json
-      artifact-upload-path: trufflehog.json