Adding reusable workflows and actions for use across FMOS build processes (zephyrproject-rtos#9)

* actions: adding trivy-cve-scan

* workflows: adding fmos-ci-self-test.yml

Author: chrisvintc

.github/workflows/fmos-ci-self-test.yml

@@ -0,0 +1,37 @@
+name: fmos-ci-self-test standard workflow
+on:
+  workflow_call:
+    inputs:
+      container:
+        required: true
+        type: string
+      runner:
+        required: true
+        type: string
+    secrets:
+      token:
+        required: true
+
+jobs:
+  fmos-ci-self-test:
+    runs-on: ${{ inputs.runner }}
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: ${{ inputs.container }}
+      options: -v/opt/toolchains:/opt/toolchains
+    strategy:
+      matrix:
+        batch: [1, 2, 3]
+        batch_total: [ 3 ]
+    steps:
+      - name: checkout zephyr ci-self-test tag
+        uses: actions/checkout@v2
+        with:
+          path: 'zephyrproject/zephyr'
+          repository: 'intel-innersource/os.rtos.zephyr.zephyr.git'
+          ref: '1rtos-ci-self-test'
+          token: ${{ secrets.token }}
+      - name: run 1rtos-ci twister wrapper with batch options
+        run: /opt/1rtos/container-api.sh 1rtos-ci $GITHUB_WORKSPACE ${{ matrix.batch }} ${{ matrix.batch_total }}

actions/trivy-cve-scan/action.yml

@@ -0,0 +1,30 @@
+name: 'trivy-cve-scan'
+description: 'executes trivy CVE scan on selected container url'
+inputs:
+  container-url:
+    description: 'url pointint to container to scan'
+    required: true
+  cve-level:
+    description: 'label for this instance'
+    required: true
+    default: 'CRITICAL,HIGH'
+  exit-code:
+    description: 'testnet hostname to target for install'
+    required: true
+    default: '1'
+  dockerio-user:
+    description: 'username for docker.io, required to login for pull operation'
+    required: true
+  dockerio-pass:
+    description: 'password for docker.io, required to login for pull operation'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: execute trivy scan on external container
+      run: |
+        docker login -u ${{ inputs.dockerio-user }} -p ${{ inputs.dockerio-pass }} && \
+        docker run --rm -e http_proxy -e https_proxy -v/var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest i --security-checks vuln,config --exit-code ${{ inputs.exit-code }} --ignore-unfixed --severity ${{ inputs.cve-level }} ${{ inputs.container-url }} && \
+        docker logout
+      shell: bash