feature/improve-test-job-speeds

[chopkinsmade]

What

Create a single job that builds the docker image used by test jobs. As jobs run on independant runner machines, it is not possible for the test jobs to directly access the build docker image from the build job. The upload and download artefact steps are used to get around this

Why

Both test jobs build their own image, which takes longer and adds duplicate code

How this has been tested

• I have tested locally
• Testing not required

Reviewer Checklist

• I have reviewed the PR and ensured no secret values are present

[Mo-DBT]

LGTM! Just a note since we had already discussed it, could be moving some jobs to an ad-hoc local action under .github/actions so we don't have to duplicate logic across multiple files. For example in org.common-ci.yml we could do something for Build docker image step or the repeated docker run ... line present in several places.

We could add something like this as a local action similar to the vulnerability workflow :) :

name: "Security Scan"
description: "Run security scanning using the locally built docker image"

inputs:
  image:
    description: "Docker image to run"
    required: true
  mode:
    description: "Command to run inside the container (run_scan or validate_scan)"
    required: true

runs:
  using: "composite"
  steps:
    - name: Run security scan
      shell: bash
      run: |
        docker run \
          --user $(id -u):$(id -g) \
          -e FORCE_HOOK_CHECKS=0 \
          --rm \
          -v .:/src \ #"${{ inputs.path }}":/src \ <--- but we need to add the path input
          -w /src \
          "${{ inputs.image }}" \
          "${{ inputs.mode }}" \
          --github-action \
          /src