try again2 #1223
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Scan & Publish image and helm chart on push, deployment on push, delete deployment on branch deletion, scheduled trivy scanner | ||
| name: "Dev Pipeline" | ||
| # All triggers have to be in one file, so that the trivy results can be compared to identify introduced vulnerabilities | ||
| # See DBP-340 | ||
| on: | ||
| push: | ||
| branches: | ||
| - "*" | ||
| schedule: | ||
| - cron: '0 2 * * *' | ||
| delete: | ||
| concurrency: | ||
| group: dbildungs-iam-keycloak-${{ github.event.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| codeql_analyze: | ||
| name: "CodeQL" | ||
| if: ${{ github.event_name == 'push' }} | ||
| uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-codeql.yaml@5 | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| build_dependencies_for_image_on_push: | ||
| if: ${{ github.event_name == 'push' }} | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| packages: write | ||
| security-events: write | ||
| contents: read | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| ref: ${{ github.ref_name }} | ||
| - name: Set up JDK 11 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '11' | ||
| distribution: 'temurin' | ||
| - name: Build Jars with Maven | ||
| run: mvn -f providers/privacyidea/pom.xml clean package | ||
| build_image_on_push_2: | ||
|
Check failure on line 48 in .github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml
|
||
| uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@DBP-1196-adjust-dev-release-piepline | ||
| with: | ||
| image_name: "dbildungs-iam-keycloak" | ||
| run_trivy_scan: true | ||
| image_tag_generation: ${{ github.ref_name == 'main' && 'commit_hash' || 'ticket_from_branch' }} | ||
| add_latest_tag: ${{ github.ref_name == 'main' }} | ||
| container_registry: "ghcr.io" | ||
| fail_on_vulnerabilites: false | ||
| report_location: "Dockerfile" | ||
| target: "deployment" | ||
| github_branch: ${{ github.ref_name }} | ||
| # scan_helm: | ||
| # if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }} | ||
| # uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5 | ||
| # permissions: | ||
| # contents: read | ||
| # select_helm_version_generation_and_image_tag_generation: | ||
| # if: ${{ github.event_name == 'push'}} | ||
| # runs-on: ubuntu-latest | ||
| # outputs: | ||
| # SELECT_HELM_VERION_GENERATION: ${{ steps.select_generation.outputs.SELECT_HELM_VERION_GENERATION }} | ||
| # SELECT_IMAGE_TAG_GENERATION: ${{ steps.select_generation.outputs.SELECT_IMAGE_TAG_GENERATION }} | ||
| # steps: | ||
| # - id: select_generation | ||
| # shell: bash | ||
| # run: | | ||
| # if ${{ github.ref_name == 'main' }}; then | ||
| # echo "SELECT_HELM_VERION_GENERATION=timestamp" >> "$GITHUB_OUTPUT" | ||
| # echo "SELECT_IMAGE_TAG_GENERATION=commit_hash" >> "$GITHUB_OUTPUT" | ||
| # else | ||
| # echo "SELECT_HELM_VERION_GENERATION=ticket_from_branch_timestamp" >> "$GITHUB_OUTPUT" | ||
| # echo "SELECT_IMAGE_TAG_GENERATION=ticket_from_branch" >> "$GITHUB_OUTPUT" | ||
| # fi | ||
| # release_helm: | ||
| # needs: | ||
| # - select_helm_version_generation_and_image_tag_generation | ||
| # if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }} | ||
| # uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7 | ||
| # secrets: inherit | ||
| # with: | ||
| # chart_name: dbildungs-iam-keycloak | ||
| # image_tag_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_IMAGE_TAG_GENERATION }} | ||
| # helm_chart_version_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_HELM_VERION_GENERATION }} | ||
| # wait_for_helm_chart_to_get_published: | ||
| # needs: | ||
| # - release_helm | ||
| # runs-on: ubuntu-latest | ||
| # steps: | ||
| # - shell: bash | ||
| # run: sleep 1m | ||
| # branch_meta: | ||
| # if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }} | ||
| # uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@3 | ||
| # create_branch_identifier: | ||
| # if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }} | ||
| # needs: | ||
| # - branch_meta | ||
| # uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3 | ||
| # with: | ||
| # branch: ${{ needs.branch_meta.outputs.branch }} | ||
| # deploy: | ||
| # if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }} | ||
| # needs: | ||
| # - branch_meta | ||
| # - create_branch_identifier | ||
| # - wait_for_helm_chart_to_get_published | ||
| # - build_image_on_push | ||
| # uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5 | ||
| # with: | ||
| # dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }} | ||
| # schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }} | ||
| # dbildungs_iam_keycloak_branch: ${{ needs.branch_meta.outputs.ticket }} | ||
| # dbildungs_iam_ldap_branch: ${{ needs.branch_meta.outputs.ticket }} | ||
| # namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }} | ||
| # secrets: inherit | ||
| # # On Delete | ||
| # create_branch_identifier_for_deletion: | ||
| # if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }} | ||
| # uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3 | ||
| # with: | ||
| # branch: ${{ github.event.ref }} | ||
| # delete_namespace: | ||
| # if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch'}} | ||
| # needs: | ||
| # - create_branch_identifier_for_deletion | ||
| # uses: dBildungsplattform/spsh-app-deploy/.github/workflows/delete-namespace.yml@5 | ||
| # with: | ||
| # namespace: ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} | ||
| # secrets: | ||
| # SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }} | ||
| # delete_successful: | ||
| # if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }} | ||
| # needs: | ||
| # - delete_namespace | ||
| # - create_branch_identifier_for_deletion | ||
| # runs-on: ubuntu-latest | ||
| # steps: | ||
| # - run: echo "Deletion workflow of namespace" ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} "done" | ||
| # # Scheduled | ||
| # scheduled_trivy_scan: | ||
| # name: "Scheduled trivy scan of latest image" | ||
| # if: ${{ github.event_name == 'schedule' }} | ||
| # permissions: | ||
| # packages: read | ||
| # security-events: write | ||
| # uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7 | ||
| # with: | ||
| # image_ref: 'ghcr.io/${{ github.repository_owner }}/dbildungs-iam-keycloak:latest' | ||
| # fail_on_vulnerabilites: false | ||
| # report_location: "Dockerfile" | ||
