From 7210330a6eaea11283548ddb1733bc0faa9b185b Mon Sep 17 00:00:00 2001
From: Alex Lowe
Date: Wed, 11 Dec 2024 12:45:46 -0500
Subject: [PATCH] build(ci): use starflow for policy and security scans
---
 .github/workflows/cla-check.yaml | 16 ----------------
 .../{security-scan.yaml => policy.yaml} | 9 +++++----
 2 files changed, 5 insertions(+), 20 deletions(-)
 delete mode 100644 .github/workflows/cla-check.yaml
 rename .github/workflows/{security-scan.yaml => policy.yaml} (77%)
diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml
deleted file mode 100644
index 2cd7e1ca3..000000000
--- a/.github/workflows/cla-check.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: cla-check
-on:
- pull_request:
- merge_group:
-
-jobs:
- cla-check:
- runs-on: ubuntu-22.04
- steps:
- - name: Check if CLA signed
- uses: canonical/has-signed-canonical-cla@v1
- # This prevents the action from running on a merge group, where it fails.
- if: ${{ github.event_name != 'merge_group' }}
- - name: No-Op # This exists so the job succeeds if the above step doesn't run.
- run: 'true'
- if: ${{ github.event_name == 'merge_group' }}
diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/policy.yaml
similarity index 77%
rename from .github/workflows/security-scan.yaml
rename to .github/workflows/policy.yaml
index 815b1c807..891088325 100644
--- a/.github/workflows/security-scan.yaml
+++ b/.github/workflows/policy.yaml
@@ -1,15 +1,17 @@
-name: Security scan
+name: Check policy
 on:
 pull_request:
 push:
 branches:
 - main
 - hotfix/*
- - work/secscan # For development
+ - work/check-policy # For development
 jobs:
+ policy:
+ uses: canonical/starflow/.github/workflows/policy.yaml@main
 python-scans:
- name: Scan Python project
+ name: Security scan
 uses: canonical/starflow/.github/workflows/scan-python.yaml@main
 with:
 packages: python-apt-dev
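Review bot: The added `policy` job calls `canonical/starflow/.github/workflows/policy.yaml@main`, a mutable branch ref, so any change pushed to starflow's `main` runs in this repository's CI on every pull request and push without review here; the existing `scan-python.yaml@main` call carries the same exposure. Pinning both to a full commit SHA, e.g. `uses: canonical/starflow/.github/workflows/policy.yaml@<full-commit-sha>  # <tag>`, and letting a dependency bot bump it keeps the called code auditable. No top-level or job-level `permissions:` appears in the visible lines, so the called workflows receive the repository's default token scope; adding `permissions:` with `contents: read` would cap it, assuming the starflow jobs need nothing more. Separately, the deleted cla-check.yaml handled `merge_group` while this file's `on:` lists only `pull_request` and `push`, so if the policy check is a required status in a merge queue it will presumably never report there.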
@@ -19,4 +21,3 @@ jobs:
 requirements-find-args: '! -name requirements-noble.txt ! -path "./tests/spread/*"'
 osv-extra-args: '--config=source/osv-scanner.toml'
 uv-export: false
- uv-sync-extra-args: --no-dev