feat: define static code analysis workflow

.github/workflows/static-code-analysis.yml

@@ -1,53 +1,81 @@
-# Copyright 2024 Specter Ops, Inc.
-#
-# Licensed under the Apache License, Version 2.0
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-
+---
 name: Static Code Analysis
+run-name: Code Anaylsis started by @${{ github.actor }} for ${{ github.ref_name }}
 
 on:
-  push:
-    branches: [main]
-  pull_request:
-    types: [opened, synchronize]
+  workflow_call:
+    inputs:
+      bloodhound_image_tar_artifact_name:
+        type: string
+        required: true
+      bloodhound_image_tar_path:
+        type: string
+        required: true
+    secrets:
+      dockerhub_account:
+        required: true
+      dockerhub_token:
+        required: true
+      ghcr_account:
+        required: true
+      ghcr_token:
+        required: true
+      gh_access_token:
+        required: true
 
 jobs:
-  run-analysis:
-    runs-on: ubuntu-latest
+  lint-container-images:
+    name: Anaylze Dockerfiles
+    uses: SpecterOps/build-automation/.github/workflows/reusable.lint-container-image.yml@main
+    with:
+      build_automation_ref: main
+    secrets:
+      dockerhub_account: ${{ secrets.dockerhub_username }}
+      dockerhub_token: ${{ secrets.dockerhub_token }}
+      ghcr_account: ${{ github.actor }}
+      ghcr_token: ${{ secrets.github_token }}
+      gh_access_token: ${{ secrets.gh_access_token }}
 
+  golangci-lint:
+    name: Anaylze Golang Code
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout source code for this repository
-        uses: actions/checkout@v3
-
-      - name: Install Go
-        uses: actions/setup-go@v4
+      - name: Download Image Tar
+        uses: actions/download-artifact@v4
         with:
-          go-version: "^1.23.0"
+          name: ${{ inputs.bloodhound_image_tar_artifact_name }}
+          path: /tmp
 
-      - name: Install Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
+      - name: Load Image
+        shell: bash
+        run: |-
+          docker load --input "/tmp/${{ inputs.bloodhound_image_tar_artifact_name }}.tar"
+          docker image ls
 
-      - name: Install Yarn
-        run: |
-          npm install --global yarn
+      - name: Run Tests
+        shell: bash
+        run: |-
+          docker run --rm specterops/bloodhound:${{ inputs.bloodhound_image_tar_artifact_name }} \
+            golangci-lint
+
+  eslint:
+    runs-on: ubuntu-latest
+    name: Anaylze JavaScript/TypeSCript Code
+    steps:
+      - name: Download Image Tar
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.bloodhound_image_tar_artifact_name }}
+          path: /tmp
 
-      - name: Install Deps
-        run: |
-          go run github.com/specterops/bloodhound/packages/go/stbernard deps
+      - name: Load Image
+        shell: bash
+        run: |-
+          docker load --input "/tmp/${{ inputs.bloodhound_image_tar_artifact_name }}.tar"
+          docker image ls
 
-      - name: Run Analysis
-        run: |
-          go run github.com/specterops/bloodhound/packages/go/stbernard analysis
+      - name: Run Tests
+        shell: bash
+        run: |-
+          docker run --rm specterops/bloodhound:${{ inputs.bloodhound_image_tar_artifact_name }} \
+            yarn run lint