From 591a437e1c531e6cc21b88a32d40072c77da4b4a Mon Sep 17 00:00:00 2001
From: Calin Lupas
Date: Mon, 21 Apr 2025 15:58:10 -0400
Subject: [PATCH 1/3] Refactor CI/CD workflow to improve structure and organization of container build and publish job
---
.github/workflows/cicd.yml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index ce4a542..83930d3 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -18,9 +18,7 @@ env: jobs: cicd: name: Build and Deploy to Azure Web App - runs-on: ubuntu-latest - steps: # Checkout the repo - uses: actions/checkout@v4
@@ -71,10 +69,12 @@ jobs: - name: logout run: | az logout - - - uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.2.0 - continue-on-error: true - with: - # This is used for tagging the container image - version: v1.0.0 - container-file: ./src/webapp01/Dockerfile \ No newline at end of file + + container-build-publish: name: Build and Publish Container Image needs: [] uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.2.0 with: # This is used for tagging the container image version: v1.0.0 container-file: ./src/webapp01/Dockerfile \ No newline at end of file
From fcf5d547a1d334eb9ac09c2f1c2d12b2d433d592 Mon Sep 17 00:00:00 2001
From: Calin Lupas
Date: Mon, 21 Apr 2025 16:10:07 -0400
Subject: [PATCH 2/3] Add attestations permission and update comments in CI/CD workflow
---
.github/workflows/cicd.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 83930d3..d2e8c6b 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -6,6 +6,7 @@ on: - main permissions: + attestations: write id-token: write contents: read 
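Review bot: The `cicd` job loses its `runs-on: ubuntu-latest` in this hunk while keeping a `steps:` list, and a job that runs steps must name a runner; unless another `runs-on` survives elsewhere in the job (not visible in the hunk), GitHub will reject the workflow at parse time. Confirm the deletion is intended, or restore `runs-on: ubuntu-latest` directly under `cicd:`. The `cicd` job body continues past the end of the hunk.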
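Review bot: The new `container-build-publish` job calls the reusable workflow by the mutable tag `@v0.2.0`, so what builds and publishes the image can change without any commit in this repository. Pin it to the full commit SHA of that release and keep the tag as a comment, `uses: advanced-security/reusable-workflows/.github/workflows/container.yml@<commit-sha>  # v0.2.0`. The called workflow can only use the permissions the calling job passes in (the workflow-level block visible in the second patch's first hunk is `id-token: write` and `contents: read`), so if it pushes to a registry it will need a job-level `permissions:` granting that scope, which the hunk does not show. Dropping `continue-on-error: true` and declaring `needs: []` also mean the job now runs alongside `cicd` and fails the run on error, which may be intended but deserves a comment above the job.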
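Review bot: `attestations: write` is added to the workflow-level `permissions` block, so every job in the file receives it, including the `cicd` deploy job that produces no attestation. Least privilege is to leave the workflow level at `contents: read` and grant `id-token: write` and `attestations: write` in a job-level `permissions:` on the job that needs them — `container-build-publish` for provenance, and `cicd` only if its Azure login is OIDC-based; a called reusable workflow inherits the calling job's permissions and can only narrow them, so the job-level block is what it effectively receives. The remainder of the `permissions` block and the job definitions are outside this hunk.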
@@ -69,7 +70,8 @@ jobs: - name: logout run: | az logout - + + # https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3 container-build-publish: name: Build and Publish Container Image needs: []
From 6160c71d62e722bd648e5c2171421a6f7fbf4ef2 Mon Sep 17 00:00:00 2001
From: Calin Lupas
Date: Mon, 21 Apr 2025 16:14:52 -0400
Subject: [PATCH 3/3] Add secret scanning configuration to ignore specific paths
---
.github/secret_scanning.yml | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 .github/secret_scanning.yml
diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
new file mode 100644
index 0000000..d9874dd
--- /dev/null
+++ b/.github/secret_scanning.yml
@@ -0,0 +1,4 @@
+paths-ignore:
+ - "docs/**"
+ - "README.md"
+ - "**/README.md"
\ No newline at end of file
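Review bot: `paths-ignore` here removes `docs/**` and every `README.md` from secret scanning, and documentation is precisely where credentials get pasted into examples and copied config, so this is a standing blind spot for the whole repository rather than a fix for a known set of false positives. If the motivation is noisy example tokens (presumably — the commit message does not say), prefer resolving those individual alerts as false positives or replacing the samples with placeholder values, and leave this file out; if the exclusion must stay, record the reason above it, `# Excluded from secret scanning: <reason>, see <issue-link>`. Two smaller points: `README.md` is likely already matched by `**/README.md`, and the file has no `---` document start and no trailing newline (`\ No newline at end of file`).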