Update workflow

(cherry picked from commit 953702a)

.github/workflows/invoke-codeql-analysis.yml

@@ -20,4 +20,19 @@ jobs:
       actions: "read"
       contents: "read"
       security-events: "write"
-    uses: "hugoalh/hugoalh/.github/workflows/call-invoke-codeql-analysis-0.yml@main"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Repository"
+        uses: "actions/checkout@v4.1.7"
+        with:
+          fetch-depth: "0"
+      - name: "Initialize CodeQL"
+        uses: "github/codeql-action/init@v3.26.6"
+        with:
+          queries: "+security-and-quality"
+      # Automatically build attempts to build any compiled languages.
+      - name: "Build Repository"
+        uses: "github/codeql-action/autobuild@v3.26.6"
+        continue-on-error: true
+      - name: "Analyze Repository"
+        uses: "github/codeql-action/analyze@v3.26.6"

.github/workflows/invoke-devskim-analysis.yml

@@ -20,4 +20,15 @@ jobs:
       actions: "read"
       contents: "read"
       security-events: "write"
-    uses: "hugoalh/hugoalh/.github/workflows/call-invoke-devskim-analysis-0.yml@main"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Repository"
+        uses: "actions/checkout@v4.1.7"
+        with:
+          fetch-depth: "0"
+      - name: "Analyze Repository"
+        uses: "microsoft/DevSkim-Action@v1.0.14"
+      - name: "Upload Analysis Result"
+        uses: "github/codeql-action/upload-sarif@v3.26.6"
+        with:
+          sarif_file: "devskim-results.sarif"

.github/workflows/publish-docker-container-ghp.yml → .github/workflows/publish-docker-image.yml

@@ -1,5 +1,5 @@
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: "Publish Docker Container - GitHub Packages"
+name: "Publish Docker Image"
 on:
   push:
     tags:
@@ -22,23 +22,29 @@ env:
   REGISTRY: "ghcr.io"
   IMAGE_NAME: "${{github.event.repository.full_name}}"
 jobs:
-  main:
-    name: "Main"
+  ghp:
+    name: "GitHub Packages"
+    permissions:
+      contents: "read"
+      packages: "write"
     runs-on: "ubuntu-latest"
     steps:
       - name: "Checkout Repository"
         uses: "actions/checkout@v4.1.7"
-      - name: "Sign In To Registry ${{env.REGISTRY}}"
+      - name: "Setup Docker Buildx"
+        uses: "docker/setup-buildx-action@v3.6.1"
+      - name: "Sign In To GitHub Packages"
         uses: "docker/login-action@v3.3.0"
         with:
-          registry: "${{env.REGISTRY}}"
+          registry: "ghcr.io"
           username: "${{github.actor}}"
           password: "${{github.token}}"
-      - name: "Generate Docker Metadata"
-        id: "docker-meta"
+      - name: "Resolve Metadata"
+        id: "metadata"
         uses: "docker/metadata-action@v5.5.1"
         with:
-          images: "${{env.REGISTRY}}/${{env.IMAGE_NAME}}"
+          images: |-
+            name=ghcr.io/${{github.repository}}
           tags: |-
             type=raw,enable=${{inputs.tag != ''}},value=${{inputs.tag}}
             type=raw,enable=${{inputs.latest == 'true'}},value=latest
@@ -47,21 +53,25 @@ jobs:
             type=semver,enable=${{inputs.tag == ''}},pattern={{major}}.{{minor}}
             type=semver,enable=${{inputs.tag == ''}},pattern={{major}}
           labels: |-
-            org.opencontainers.image.authors=${{github.event.repository.owner.login}}
+            org.opencontainers.image.authors=${{github.repository_owner}}
             org.opencontainers.image.licenses=MIT
             org.opencontainers.image.title=Send Discord Webhook (GitHub Action) Image
             org.opencontainers.image.description=A Docker image for Send Discord Webhook (GitHub Action) to send Discord webhook.
-      - name: "Build & Push Docker Image"
+      - name: "Build & Publish Docker Image"
         uses: "docker/build-push-action@v6.7.0"
         with:
           context: "./"
           file: "Dockerfile"
-          labels: "${{steps.docker-meta.outputs.labels}}"
+          labels: "${{steps.metadata.outputs.labels}}"
           platforms: |-
             linux/amd64
           pull: "true"
           push: "true"
-          tags: "${{steps.docker-meta.outputs.tags}}"
+          tags: "${{steps.metadata.outputs.tags}}"
+          cache-from: |-
+            type=gha
+          cache-to: |-
+            type=gha,mode=max
       - name: "List Docker Image"
         run: |-
           docker image ls --all --digests --no-trunc

.github/workflows/scan-virus.yml

@@ -40,13 +40,20 @@ jobs:
     name: "Main"
     permissions:
       contents: "read"
-    uses: "hugoalh/hugoalh/.github/workflows/call-scan-virus-0.yml@main"
-    with:
-      git_integrate: "${{github.event.inputs.git_integrate || 'False'}}"
-      git_limit: "${{github.event.inputs.git_limit || '0'}}"
-      git_reverse: "${{github.event.inputs.git_reverse || 'False'}}"
-      ignores_post: |-
-        Param($ElementPostMeta)
-        Return (
-          $ElementPostMeta.Path -imatch '^node_modules[\\/]'
-        )
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Repository"
+        uses: "actions/checkout@v4.1.7"
+        with:
+          fetch-depth: "0"
+      - name: "Scan Repository"
+        uses: "hugoalh/scan-virus-ghaction/clamav@v0.20.1"
+        with:
+          git_integrate: "${{github.event.inputs.git_integrate || 'False'}}"
+          git_limit: "${{github.event.inputs.git_limit || '0'}}"
+          git_reverse: "${{github.event.inputs.git_reverse || 'False'}}"
+          ignores_post: |-
+            Param($ElementPostMeta)
+            Return (
+              $ElementPostMeta.Path -imatch '^node_modules[\\/]'
+            )

.github/workflows/sync-labels.yml

@@ -14,4 +14,12 @@ jobs:
       contents: "read"
       issues: "write"
       pull-requests: "write"
-    uses: "hugoalh/hugoalh/.github/workflows/call-sync-labels-0.yml@main"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Repository"
+        uses: "actions/checkout@v4.1.7"
+      - name: "Sync Labels"
+        uses: "EndBug/label-sync@v2.3.3"
+        with:
+          config-file: ".github/labels.yml"
+          delete-other-labels: "true"