Skip to content

merge master

merge master #1

name: Release Image and Helm Chart
on:
workflow_call:
inputs:
release_tag:
type: string
description: "Provide the release tag"
required: true
image_name:
type: string
description: "Proide Image name"
required: true
helm_chart_name:
type: string
description: "Provide Helm Chart name"
required: true
node_project:
type: bool
description: "Node Image? If yes set to 'true'. Default: false"
required: false
default: False
node_version:
type: string
description: "Provide Node Version. Default: 18"
required: false
default: '18'
deploy_stage:
type: string
description: "Provide Deploy Stage. Default: empty"
required: false
default: ""
jobs:
# GHRC Image
codeql_analyze:
name: "CodeQL"
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-codeql.yaml@5
permissions:
actions: read
contents: read
security-events: write
nest_lint:
name: "Linting"
if: ${{ inputs.node_project == 'true' }}
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-lint.yaml@5
with:
node_version: "${{ inputs.node_version }}"
permissions:
contents: read
tests_and_sonarcloud:
name: "Tests and Sonarcloud"
if: ${{ inputs.node_project == 'true' }}
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-test-sonarcloud.yaml@5
with:
node_version: "${{ inputs.node_version }}"
deploy_stage: "${{ inputs.deploy_stage }}"
permissions:
contents: read
secrets: inherit
release_image:
name: "Publish image and scan with trivy"
needs:
- codeql_analyze
- nest_lint
- tests_and_sonarcloud
permissions:
packages: write
security-events: write
contents: read
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@5
with:
image_name: "${{ inputs.image_name }}"
run_trivy_scan: true
image_tag_generation: version_git_tag
container_registry: "ghcr.io"
fail_on_vulnerabilites: true
report_location: "Dockerfile"
# Helm Chart
scan_helm:
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
permissions:
contents: read
release_helm:
needs: scan_helm
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@5
secrets: inherit
with:
chart_name: "${{ inputs.helm_chart_name }}"
helm_chart_version_generation: specified
image_tag_generation: specified
helm_chart_version: "${{ inputs.release_tag }}"
image_tag: "${{ inputs.releaname: Release Image and Helm Chart
on:
workflow_call:
inputs:
release_tag:
type: string
description: "Provide the release tag"
required: true

Check failure on line 104 in .github/workflows/release-image-and-helm-chart.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/release-image-and-helm-chart.yaml

Invalid workflow file

You have an error in your yaml syntax on line 104
image_name:
type: string
description: "Provide Image name"
required: true
helm_chart_name:
type: string
description: "Provide Helm Chart name"
required: true
deploy_stage:
type: string
description: "Provide Deploy Stage"
required: false
default: ""
node_version:
type: string
description: "Provide Node Version"
required: false
default: '18'
jobs:
# GHRC Image
codeql_analyze:
name: "CodeQL"
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-codeql.yaml@5
permissions:
actions: read
contents: read
security-events: write
nest_lint:
name: "Linting"
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-lint.yaml@5
with:
node_version: "${{ inputs.node_version }}"
permissions:
contents: read
tests_and_sonarcloud:
name: "Tests and Sonarcloud"
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-test-sonarcloud.yaml@5
with:
node_version: "${{ inputs.node_version }}"
deploy_stage: "${{ inputs.deploy_stage }}"
permissions:
contents: read
secrets: inherit
release_image:
name: "Publish image and scan with trivy"
needs:
- codeql_analyze
- nest_lint
- tests_and_sonarcloud
permissions:
packages: write
security-events: write
contents: read
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@5
with:
image_name: "${{ inputs.image_name }}"
run_trivy_scan: true
image_tag_generation: version_git_tag
container_registry: "ghcr.io"
fail_on_vulnerabilites: true
report_location: "Dockerfile"
# Helm Chart
scan_helm:
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
permissions:
contents: read
release_helm:
needs: scan_helm
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@5
secrets: inherit
with:
chart_name: "${{ inputs.helm_chart_name }}"
helm_chart_version_generation: specified
image_tag_generation: specified
helm_chart_version: "${{ inputs.release_tag }}"
image_tag: "${{ inputs.relea