Fix for ZAP scan warning: Insufficient Site Isolation Against Spectre Vulnerability
#3904
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform CI Deploy | |
on: | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
paths-filter: | |
runs-on: ubuntu-latest | |
outputs: | |
operations: ${{ steps.filter.outputs.operations }} | |
steps: | |
- uses: actions/checkout@v4 | |
# keep in sync with terraform-ci-destroy.yml | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
operations: | |
- 'operations/environments/pr/**' | |
- 'operations/template/**' | |
terraform-deploy: | |
name: PR Infrastructure Deploy | |
needs: paths-filter | |
uses: ./.github/workflows/terraform-deploy_reusable.yml | |
if: needs.paths-filter.outputs.operations == 'true' | |
with: | |
ENVIRONMENT: pr | |
TERRAFORM_DIRECTORY: operations/environments/pr | |
TERRAFORM_INIT_PARAMETERS: -backend-config="key=pr_${{ github.event.number }}.tfstate" | |
secrets: | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
TERRAFORM_APPLY_PARAMETERS: -var="pr_number=${{ github.event.number }}" -var="alert_slack_email=${{ secrets.NON_PROD_ALERT_SLACK_EMAIL }}" | |
terraform-deploy-skip: # runs when the PR doesn't have any changes that require the PR deploy; this ensures we get the appropriate required PR checks | |
name: PR Infrastructure Deploy # this name must match the above `terraform-deploy` job's name | |
needs: paths-filter | |
uses: ./.github/workflows/terraform-deploy_reusable-skip.yml | |
if: needs.paths-filter.outputs.operations != 'true' | |
pr-deploy: | |
name: PR Application Deploy | |
needs: | |
- terraform-deploy | |
- paths-filter | |
uses: ./.github/workflows/deploy_reusable.yml | |
if: needs.paths-filter.outputs.operations == 'true' | |
with: | |
ENVIRONMENT: pr | |
REPO: trusted-intermediary-router | |
APP: ${{ needs.terraform-deploy.outputs.APP }} | |
REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }} | |
secrets: | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
pr-deploy-skip: # runs when the PR doesn't have any changes that require the PR deploy; this ensures we get the appropriate required PR checks | |
name: PR Application Deploy # this name must match the above `pr-deploy` job's name | |
needs: | |
- paths-filter | |
uses: ./.github/workflows/deploy_reusable-skip.yml | |
if: needs.paths-filter.outputs.operations != 'true' |