Compare commits
1 Commits
adr-027-cr
...
salmanmkc/
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
e8f16722b9 |
12
.github/workflows/cd.yml
vendored
12
.github/workflows/cd.yml
vendored
@@ -41,7 +41,7 @@ jobs:
|
|||||||
image_tag: ${{ steps.determine-tag.outputs.tag }}
|
image_tag: ${{ steps.determine-tag.outputs.tag }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Determine deployment environment
|
- name: Determine deployment environment
|
||||||
id: determine-env
|
id: determine-env
|
||||||
@@ -80,7 +80,7 @@ jobs:
|
|||||||
url: https://staging.wifi-densepose.com
|
url: https://staging.wifi-densepose.com
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up kubectl
|
- name: Set up kubectl
|
||||||
uses: azure/setup-kubectl@v3
|
uses: azure/setup-kubectl@v3
|
||||||
@@ -126,7 +126,7 @@ jobs:
|
|||||||
url: https://wifi-densepose.com
|
url: https://wifi-densepose.com
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up kubectl
|
- name: Set up kubectl
|
||||||
uses: azure/setup-kubectl@v3
|
uses: azure/setup-kubectl@v3
|
||||||
@@ -199,7 +199,7 @@ jobs:
|
|||||||
# kubectl scale rs -n wifi-densepose -l app=wifi-densepose,version!=green --replicas=0
|
# kubectl scale rs -n wifi-densepose -l app=wifi-densepose,version!=green --replicas=0
|
||||||
|
|
||||||
- name: Upload deployment artifacts
|
- name: Upload deployment artifacts
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
with:
|
with:
|
||||||
name: production-deployment-${{ github.run_number }}
|
name: production-deployment-${{ github.run_number }}
|
||||||
path: |
|
path: |
|
||||||
@@ -270,7 +270,7 @@ jobs:
|
|||||||
done
|
done
|
||||||
|
|
||||||
- name: Update deployment status
|
- name: Update deployment status
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v8
|
||||||
with:
|
with:
|
||||||
script: |
|
script: |
|
||||||
const deployEnv = '${{ needs.pre-deployment.outputs.deploy_env }}';
|
const deployEnv = '${{ needs.pre-deployment.outputs.deploy_env }}';
|
||||||
@@ -321,7 +321,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Create deployment issue on failure
|
- name: Create deployment issue on failure
|
||||||
if: needs.deploy-production.result == 'failure'
|
if: needs.deploy-production.result == 'failure'
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v8
|
||||||
with:
|
with:
|
||||||
script: |
|
script: |
|
||||||
github.rest.issues.create({
|
github.rest.issues.create({
|
||||||
|
|||||||
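Review bot: The `Update deployment status` step still expands `${{ needs.pre-deployment.outputs.deploy_env }}` directly into the JavaScript source (`const deployEnv = '${{ ... }}';`), so the value is parsed as part of the script instead of being handled as data, and the bump to `actions/github-script@v8` keeps that pattern. Where `deploy_env` is computed is outside the visible hunks, so whether it can ever carry caller-influenced text (a dispatch input, a ref name) needs confirming. Passing it through the environment removes the question: add `env:` with `DEPLOY_ENV: ${{ needs.pre-deployment.outputs.deploy_env }}` to the step and read it as `const deployEnv = process.env.DEPLOY_ENV;`. The script body continues past the hunk, so any other `${{ }}` expansion inside it would want the same treatment.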
24
.github/workflows/ci.yml
vendored
24
.github/workflows/ci.yml
vendored
@@ -20,12 +20,12 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -54,7 +54,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
||||||
- name: Upload security reports
|
- name: Upload security reports
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
name: security-reports
|
name: security-reports
|
||||||
@@ -95,10 +95,10 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Python ${{ matrix.python-version }}
|
- name: Set up Python ${{ matrix.python-version }}
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ matrix.python-version }}
|
python-version: ${{ matrix.python-version }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -133,7 +133,7 @@ jobs:
|
|||||||
name: codecov-umbrella
|
name: codecov-umbrella
|
||||||
|
|
||||||
- name: Upload test results
|
- name: Upload test results
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
name: test-results-${{ matrix.python-version }}
|
name: test-results-${{ matrix.python-version }}
|
||||||
@@ -150,10 +150,10 @@ jobs:
|
|||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -174,7 +174,7 @@ jobs:
|
|||||||
locust -f tests/performance/locustfile.py --headless --users 50 --spawn-rate 5 --run-time 60s --host http://localhost:8000
|
locust -f tests/performance/locustfile.py --headless --users 50 --spawn-rate 5 --run-time 60s --host http://localhost:8000
|
||||||
|
|
||||||
- name: Upload performance results
|
- name: Upload performance results
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
with:
|
with:
|
||||||
name: performance-results
|
name: performance-results
|
||||||
path: locust_report.html
|
path: locust_report.html
|
||||||
@@ -186,7 +186,7 @@ jobs:
|
|||||||
needs: [code-quality, test]
|
needs: [code-quality, test]
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
@@ -249,10 +249,10 @@ jobs:
|
|||||||
if: github.ref == 'refs/heads/main'
|
if: github.ref == 'refs/heads/main'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
|
|||||||
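Review bot: The three `actions/upload-artifact@v3` to `@v6` changes in this file (security reports, test results, performance results) cross the v4 rewrite, which is not a drop-in replacement. From v4 on, a given artifact name can be uploaded only once per run, and later v4 releases skip hidden files unless `include-hidden-files: true` is set. `test-results-${{ matrix.python-version }}` is unique only if `python-version` is the sole matrix dimension, and the matrix definition and the `path:` values are outside the hunks, so both need checking. Because the security-report upload runs under `if: always()`, a failed or partial upload there would lose scan evidence without failing anything else. The same jump is made in cd.yml and security-scan.yml, where `actions/download-artifact` also moves from v3 to v7.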
30
.github/workflows/security-scan.yml
vendored
30
.github/workflows/security-scan.yml
vendored
@@ -24,12 +24,12 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -86,10 +86,10 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -126,7 +126,7 @@ jobs:
|
|||||||
category: snyk
|
category: snyk
|
||||||
|
|
||||||
- name: Upload vulnerability reports
|
- name: Upload vulnerability reports
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
name: vulnerability-reports
|
name: vulnerability-reports
|
||||||
@@ -147,7 +147,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
@@ -218,7 +218,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Run Checkov IaC scan
|
- name: Run Checkov IaC scan
|
||||||
uses: bridgecrewio/checkov-action@master
|
uses: bridgecrewio/checkov-action@master
|
||||||
@@ -272,7 +272,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@@ -303,10 +303,10 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ env.PYTHON_VERSION }}
|
python-version: ${{ env.PYTHON_VERSION }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -323,7 +323,7 @@ jobs:
|
|||||||
licensecheck --zero
|
licensecheck --zero
|
||||||
|
|
||||||
- name: Upload license report
|
- name: Upload license report
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
with:
|
with:
|
||||||
name: license-report
|
name: license-report
|
||||||
path: licenses.json
|
path: licenses.json
|
||||||
@@ -334,7 +334,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Check security policy files
|
- name: Check security policy files
|
||||||
run: |
|
run: |
|
||||||
@@ -376,7 +376,7 @@ jobs:
|
|||||||
if: always()
|
if: always()
|
||||||
steps:
|
steps:
|
||||||
- name: Download all artifacts
|
- name: Download all artifacts
|
||||||
uses: actions/download-artifact@v3
|
uses: actions/download-artifact@v7
|
||||||
|
|
||||||
- name: Generate security summary
|
- name: Generate security summary
|
||||||
run: |
|
run: |
|
||||||
@@ -394,7 +394,7 @@ jobs:
|
|||||||
echo "Generated on: $(date)" >> security-summary.md
|
echo "Generated on: $(date)" >> security-summary.md
|
||||||
|
|
||||||
- name: Upload security summary
|
- name: Upload security summary
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v6
|
||||||
with:
|
with:
|
||||||
name: security-summary
|
name: security-summary
|
||||||
path: security-summary.md
|
path: security-summary.md
|
||||||
@@ -416,7 +416,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Create security issue on critical findings
|
- name: Create security issue on critical findings
|
||||||
if: needs.sast.result == 'failure' || needs.dependency-scan.result == 'failure'
|
if: needs.sast.result == 'failure' || needs.dependency-scan.result == 'failure'
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v8
|
||||||
with:
|
with:
|
||||||
script: |
|
script: |
|
||||||
github.rest.issues.create({
|
github.rest.issues.create({
|
||||||
|
|||||||
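Review bot: `uses: bridgecrewio/checkov-action@master` in the IaC scan job stays on a branch ref, and every action this commit touches only moves from one movable major tag to another (`actions/checkout@v6`, `actions/setup-python@v6`, `actions/upload-artifact@v6`, `actions/download-artifact@v7`, `actions/github-script@v8`), here and in cd.yml and ci.yml. A branch or tag can be repointed upstream after review, and these jobs run with the repository token and, in cd.yml, what appears to be cluster deployment access. Pinning each reference to a full commit SHA with the version in a trailing comment makes a bump like this one auditable, e.g. `uses: actions/checkout@<full-commit-sha>  # v6` (placeholder; take the SHA from the release that was actually reviewed). The checkov line is unchanged context in this diff, so pinning it would be a follow-up change.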