test build

dBildungsplattform · Dec 16, 2024 · f5a6792 · f5a6792
1 parent ef67b1a
commit f5a6792
Show file tree

Hide file tree

Showing 2 changed files with 138 additions and 118 deletions.
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -19,6 +19,9 @@ jobs:
       contents: read
       security-events: write
 
+  build_plugins: 
+
+
   release_image:
     name: "Publish image and scan with trivy"
     needs: codeql_analyze

diff --git a/.github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml b/.github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml
@@ -26,129 +26,146 @@ jobs:
       security-events: write
 
   build_image_on_push:
-    name: "Publish image and scan with trivy"
     if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
     permissions:
       packages: write
       security-events: write
       contents: read
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@7
-    with:
-      image_name: "dbildungs-iam-keycloak"
-      run_trivy_scan: true
-      image_tag_generation: ${{ github.ref_name == 'main' && 'commit_hash' || 'ticket_from_branch' }}
-      add_latest_tag: ${{ github.ref_name == 'main' }}
-      container_registry: "ghcr.io"
-      fail_on_vulnerabilites: false
-      report_location: "Dockerfile"
-      target: "deployment"
-
-  scan_helm:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
-    permissions:
-      contents: read
 
-  select_helm_version_generation_and_image_tag_generation:
-    if: ${{ github.event_name == 'push'}}
-    runs-on: ubuntu-latest
-    outputs: 
-      SELECT_HELM_VERION_GENERATION: ${{ steps.select_generation.outputs.SELECT_HELM_VERION_GENERATION }}
-      SELECT_IMAGE_TAG_GENERATION: ${{ steps.select_generation.outputs.SELECT_IMAGE_TAG_GENERATION }}
-    steps:
-      - id: select_generation
-        shell: bash
-        run: |
-          if ${{ github.ref_name == 'main' }}; then
-            echo "SELECT_HELM_VERION_GENERATION=timestamp" >> "$GITHUB_OUTPUT"
-            echo "SELECT_IMAGE_TAG_GENERATION=commit_hash" >> "$GITHUB_OUTPUT"
-          else
-            echo "SELECT_HELM_VERION_GENERATION=ticket_from_branch_timestamp" >> "$GITHUB_OUTPUT"
-            echo "SELECT_IMAGE_TAG_GENERATION=ticket_from_branch" >> "$GITHUB_OUTPUT"
-          fi
-
-  release_helm:
-    needs:
-      - select_helm_version_generation_and_image_tag_generation
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7
-    secrets: inherit
-    with:
-      chart_name: dbildungs-iam-keycloak
-      image_tag_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_IMAGE_TAG_GENERATION  }}
-      helm_chart_version_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_HELM_VERION_GENERATION  }}
-
-  wait_for_helm_chart_to_get_published:
-    needs:
-      - release_helm
-    runs-on: ubuntu-latest
     steps:
-      - shell: bash
-        run: sleep 1m 
-
-  branch_meta:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@3
-
-  create_branch_identifier:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    needs: 
-      - branch_meta
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
-    with:
-      branch: ${{ needs.branch_meta.outputs.branch }}
-
-  deploy:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    needs:
-      - branch_meta
-      - create_branch_identifier
-      - wait_for_helm_chart_to_get_published
-      - build_image_on_push
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
-    with:
-      dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }}
-      schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }}
-      dbildungs_iam_keycloak_branch: ${{ needs.branch_meta.outputs.ticket }}
-      dbildungs_iam_ldap_branch: ${{ needs.branch_meta.outputs.ticket }}
-      namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }}
-    secrets: inherit
-
-  # On Delete
-  create_branch_identifier_for_deletion:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
-    with:
-      branch: ${{ github.event.ref }}
-
-  delete_namespace:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch'}}
-    needs:
-      - create_branch_identifier_for_deletion
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/delete-namespace.yml@5
-    with:
-      namespace: ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }}
-    secrets:
-      SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }}
-
-  delete_successful:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
-    needs:
-      - delete_namespace
-      - create_branch_identifier_for_deletion
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "Deletion workflow of namespace" ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} "done" 
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        ref: ${{ github.ref_name }}
 
-  # Scheduled
-  scheduled_trivy_scan:
-    name: "Scheduled trivy scan of latest image"
-    if: ${{ github.event_name == 'schedule' }}
-    permissions:
-      packages: read
-      security-events: write
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7
-    with:
-      image_ref: 'ghcr.io/${{ github.repository_owner }}/dbildungs-iam-keycloak:latest'
-      fail_on_vulnerabilites: false
-      report_location: "Dockerfile"
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+
+      - name: Build Jars with Maven
+        run: mvn -f providers/privacyidea/pom.xml clean package
+
+      - name: 'Checkout repository'
+        uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@DBP-1196-adjust-dev-release-piepline
+        with:
+          image_name: "dbildungs-iam-keycloak"
+          run_trivy_scan: true
+          image_tag_generation: ${{ github.ref_name == 'main' && 'commit_hash' || 'ticket_from_branch' }}
+          add_latest_tag: ${{ github.ref_name == 'main' }}
+          container_registry: "ghcr.io"
+          fail_on_vulnerabilites: false
+          report_location: "Dockerfile"
+          target: "deployment"
+          github_branch: ${{ github.ref_name }}
+
+  # scan_helm:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
+  #   permissions:
+  #     contents: read
+
+  # select_helm_version_generation_and_image_tag_generation:
+  #   if: ${{ github.event_name == 'push'}}
+  #   runs-on: ubuntu-latest
+  #   outputs: 
+  #     SELECT_HELM_VERION_GENERATION: ${{ steps.select_generation.outputs.SELECT_HELM_VERION_GENERATION }}
+  #     SELECT_IMAGE_TAG_GENERATION: ${{ steps.select_generation.outputs.SELECT_IMAGE_TAG_GENERATION }}
+  #   steps:
+  #     - id: select_generation
+  #       shell: bash
+  #       run: |
+  #         if ${{ github.ref_name == 'main' }}; then
+  #           echo "SELECT_HELM_VERION_GENERATION=timestamp" >> "$GITHUB_OUTPUT"
+  #           echo "SELECT_IMAGE_TAG_GENERATION=commit_hash" >> "$GITHUB_OUTPUT"
+  #         else
+  #           echo "SELECT_HELM_VERION_GENERATION=ticket_from_branch_timestamp" >> "$GITHUB_OUTPUT"
+  #           echo "SELECT_IMAGE_TAG_GENERATION=ticket_from_branch" >> "$GITHUB_OUTPUT"
+  #         fi
+
+  # release_helm:
+  #   needs:
+  #     - select_helm_version_generation_and_image_tag_generation
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7
+  #   secrets: inherit
+  #   with:
+  #     chart_name: dbildungs-iam-keycloak
+  #     image_tag_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_IMAGE_TAG_GENERATION  }}
+  #     helm_chart_version_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_HELM_VERION_GENERATION  }}
+
+  # wait_for_helm_chart_to_get_published:
+  #   needs:
+  #     - release_helm
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - shell: bash
+  #       run: sleep 1m 
+
+  # branch_meta:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@3
+
+  # create_branch_identifier:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   needs: 
+  #     - branch_meta
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
+  #   with:
+  #     branch: ${{ needs.branch_meta.outputs.branch }}
+
+  # deploy:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   needs:
+  #     - branch_meta
+  #     - create_branch_identifier
+  #     - wait_for_helm_chart_to_get_published
+  #     - build_image_on_push
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
+  #   with:
+  #     dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     dbildungs_iam_keycloak_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     dbildungs_iam_ldap_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }}
+  #   secrets: inherit
+
+  # # On Delete
+  # create_branch_identifier_for_deletion:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
+  #   with:
+  #     branch: ${{ github.event.ref }}
+
+  # delete_namespace:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch'}}
+  #   needs:
+  #     - create_branch_identifier_for_deletion
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/delete-namespace.yml@5
+  #   with:
+  #     namespace: ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }}
+  #   secrets:
+  #     SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }}
+
+  # delete_successful:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
+  #   needs:
+  #     - delete_namespace
+  #     - create_branch_identifier_for_deletion
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - run: echo "Deletion workflow of namespace" ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} "done" 
+
+  # # Scheduled
+  # scheduled_trivy_scan:
+  #   name: "Scheduled trivy scan of latest image"
+  #   if: ${{ github.event_name == 'schedule' }}
+  #   permissions:
+  #     packages: read
+  #     security-events: write
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7
+  #   with:
+  #     image_ref: 'ghcr.io/${{ github.repository_owner }}/dbildungs-iam-keycloak:latest'
+  #     fail_on_vulnerabilites: false
+  #     report_location: "Dockerfile"