Call reusable action for go version updates (#715)

* add workflow

* Update actions.yml

* update container scan

* update container scan

.github/workflows/.trivyignore

@@ -0,0 +1,8 @@
+# list of CVEs that are currently unfixed
+# list of best practies violatied that needs a fix
+CIS-DI-0009
+DKL-DI-0006
+CIS-DI-0005
+CIS-DI-0006
+CIS-DI-0008
+DKL-LI-0003

.github/workflows/actions.yml

@@ -64,8 +64,7 @@ jobs:
     env:
       BASE_IMG: ubuntu:latest
     steps:
-      - name: Set up Go 1.22+
-        uses: actions/setup-go@v5
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.22
         id: go
@@ -80,9 +79,10 @@ jobs:
           podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar
           docker load -i /tmp/csm-operator.tar
       - name: Scan controller Image
-        uses: Azure/container-scan@v0
-        env:
-          DOCKLE_HOST: "unix:///var/run/docker.sock"
+        uses: aquasecurity/trivy-action@0.24.0
         with:
-          image-name: csm-operator
-          severity-threshold: HIGH
+          image-ref: csm-operator:latest
+          severity: 'HIGH'
+          ignore-unfixed: true
+          exit-code: '1'
+          trivyignores: '.github/workflows/.trivyignore'

.github/workflows/go-version.yaml

@@ -0,0 +1,22 @@
+# Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+
+# Reusable workflow to perform go version update on Golang based projects
+name: Go Version Update
+
+on:
+  workflow_dispatch:
+  repository_dispatch:
+    types: [go-update-workflow]
+
+jobs:
+  # go version update
+  go-version-update:
+    uses: dell/common-github-actions/.github/workflows/go-version-workflow.yaml@main
+    name: Go Version Update
+    secrets: inherit