ci: move gistream to shared workflow and add pragmas

Author: benjivesterby

.github/workflows/build.yml

@@ -9,4 +9,4 @@ jobs:
   lint-build-test:
     name: Lint, Build & Test
     uses: devnw/workflows/.github/workflows/build.yml@main
-    secrets: inherit
+    secrets: inherit # pragma: allowlist secret

.github/workflows/docs.yml

@@ -8,4 +8,4 @@ jobs:
   update-readme:
     name: Update README with Go documentation
     uses: devnw/workflows/.github/workflows/docs.yml@main
-    secrets: inherit
+    secrets: inherit # pragma: allowlist secret

.github/workflows/gitstream.yml

@@ -4,44 +4,9 @@ name: gitStream workflow automation
 
 on:
   workflow_dispatch:
-    inputs:
-      client_payload:
-          description: The Client payload
-          required: true
-      full_repository:
-          description: the repository name include the owner in `owner/repo_name` format
-          required: true
-      head_ref:
-          description: the head sha
-          required: true
-      base_ref:
-          description: the base ref 
-          required: true
-      installation_id:
-          description: the installation id
-          required: false
-      resolver_url:
-          description: the resolver url to pass results to
-          required: true
-      resolver_token:
-          description: Optional resolver token for resolver service
-          required: false
-          default: ''
 
 jobs:
   gitStream:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
     name: gitStream workflow automation
-    steps:
-      - name: Evaluate Rules
-        uses: linear-b/gitstream-github-action@v1
-        id: rules-engine
-        with:
-          full_repository: ${{ github.event.inputs.full_repository }}
-          head_ref: ${{ github.event.inputs.head_ref }}
-          base_ref: ${{ github.event.inputs.base_ref }}
-          client_payload: ${{ github.event.inputs.client_payload }}
-          installation_id: ${{ github.event.inputs.installation_id }}
-          resolver_url: ${{ github.event.inputs.resolver_url }}
-          resolver_token: ${{ github.event.inputs.resolver_token }}
+    uses: devnw/workflows/.github/workflows/gitstream.yml@main
+    secrets: inherit # pragma: allowlist secret

.secrets.baseline

@@ -72,6 +72,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -101,25 +105,6 @@
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
     }
   ],
-  "results": {
-    ".github/workflows/build.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": ".github/workflows/build.yml",
-        "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0",
-        "is_verified": false,
-        "line_number": 12
-      }
-    ],
-    ".github/workflows/docs.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": ".github/workflows/docs.yml",
-        "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0",
-        "is_verified": false,
-        "line_number": 11
-      }
-    ]
-  },
-  "generated_at": "2023-03-27T20:03:18Z"
+  "results": {},
+  "generated_at": "2023-03-27T20:44:00Z"
 }