delete unused workflows (#28)

Co-authored-by: Michael Long <mlongii@amazon.com>

.github/workflows/container_local.yml → .github/workflows/build_scan_container.yml

@@ -1,4 +1,16 @@
-on: [push]
+name: Demonstrate Build and Scan Container Image Scan
+
+# This workflow demonstrates how to build
+# a Docker image, and then scan the image
+# with Inspector. This workflow runs automatically
+# every 6 hours, and on pushes.
+
+on:
+  schedule:
+    - cron: '0 */6 * * *' # runs every 6 hours
+  push:
+    branches: #
+      - '*'
 
 jobs:
   build:
@@ -8,16 +20,16 @@ jobs:
       name: plugin-development
 
     steps:
-      - name: Checkout
+      - name: Checkout this repository
         uses: actions/checkout@v4
 
-      - name: Set up QEMU
+      - name: Set up docker build prereqs: QEMU
         uses: docker/setup-qemu-action@v3
 
-      - name: Set up Docker Buildx
+      - name: Set up docker build prereqs: Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build and push Docker image
+      - name: Build Docker image
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -26,19 +38,17 @@ jobs:
           tags: app:latest
           load: true
 
-      - name: check local images
-        run: docker images
-
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          # TODO: use an IAM role
 
-
-      - name: Scan artifact with Inspector
-        uses: ./ # Uses an action in the root directory
+      - name: Scan built image with Inspector
+        uses: aws/amazon-inspector-github-actions-plugin@main 
+        # TODO: bump action to v1 on release
         id: inspector
         with:
           artifact_type: 'container'
@@ -61,7 +71,7 @@ jobs:
       - name: Demonstrate Inspector Scan Output (CSV)
         run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
 
-      - name: Upload Inspector Scan Results
+      - name: Demonstrate Upload Scan Results
         uses: actions/upload-artifact@v4
         with:
           name: Inspector Scan SBOM Results
@@ -70,9 +80,9 @@ jobs:
             ${{ steps.inspector.outputs.inspector_scan_results_csv }}
             ${{ steps.inspector.outputs.artifact_sbom }}
 
+      - name: Fail job if vulnerability threshold is exceeded
+        run: exit ${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}
 
-      - name: Fail if vulnerability threshold is exceeded
-        run: echo ${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}
-
-      - name: Upload image to registry
-        run: echo docker push
+      - name: Run custom logic if vulnerability threshold is exceeded
+        if: failure()
+        run: echo "vulnerability threshold exceeded"