-
Notifications
You must be signed in to change notification settings - Fork 1
115 lines (102 loc) · 3.12 KB
/
.merge.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Merge
on:
pull_request:
branches: [dev]
types: [closed]
push:
branches: "*"
# temp change to force a deployment
workflow_dispatch:
concurrency:
# PR open and close use the same group, allowing only one at a time
group: pr-${{ github.workflow }}-${{ github.event.number }}
cancel-in-progress: true
jobs:
codeql-scan:
name: codeql-scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
zap-owasp:
uses: bcgov/pipeline-templates/.github/workflows/owasp-scan.yaml@main
with:
ZAP_SCAN_TYPE: 'base' # Accepted values are base and full.
ZAP_TARGET_URL: https://vhers-virus-scan-tools-c82b4c-tools.apps.silver.devops.gov.bc.ca/
ZAP_DURATION: '2'
ZAP_MAX_DURATION: '5'
ZAP_GCP_PUBLISH: false
# https://github.com/bcgov-nr/action-builder-ghcr
builds:
name: Builds
runs-on: ubuntu-22.04
permissions:
packages: write
strategy:
matrix:
package: [vhers-virus-scan, db-cleanup]
include:
- package: vhers-virus-scan
build_context: ./
triggers: ('vhers-virus-scan/')
build_file: Dockerfile
- package: db-cleanup
build_context: ./containers/db_cleanup
triggers: ('vhers-virus-scan/containers/db_cleanup')
build_file: Dockerfile
timeout-minutes: 10
steps:
- uses: bcgov-nr/action-builder-ghcr@v2.0.0
with:
keep_versions: 50
package: ${{ matrix.package }}
build_context: ${{ matrix.build_context }}
tag: latest
triggers: ${{ matrix.triggers }}
deploys:
name: Deploys Anitvirus
needs: [builds]
environment: tools
permissions:
issues: write
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
name: [vhers-virus-scan, db-cleanup]
include:
- name: vhers-virus-scan
file: ./openshift.deploy.yml
overwrite: true
- name: db-cleanup
file: ./containers/db_cleanup/openshift/templates/db-cleanup-dc.yaml
overwrite: true
steps:
- uses: bcgov-nr/action-deployer-openshift@v2.0.0
with:
file: ${{ matrix.file }}
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: ${{ matrix.overwrite }}
parameters: -p ZONE=tools
repository: ${{ matrix.repository }}
verification_path: ${{ matrix.verification_path }}