-
Notifications
You must be signed in to change notification settings - Fork 2
95 lines (83 loc) · 2.88 KB
/
advocase-main-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: "[PROD] Advocase Production Deployment"
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
on:
workflow_dispatch:
jobs:
##### SETUP ##################################################################
approve-deploy:
name: Approve Deploy
environment: prod
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
##### BUILD ##################################################################
bc-gov-advocase-image:
name: bc-gov-advocase-image
needs: [approve-deploy]
uses: ./.github/workflows/reusable-build-dockerfile.yaml
with:
ref: main
directory: docker/advocase-image
image-name: bc-gov-advocase
image-tags: latest
artifactory-repository: ad0d-advocase-docker
secrets:
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
##### DEPLOY ##################################################################
import-advocase-image-to-oc:
name: import-advocase-image-to-oc
needs: [approve-deploy, bc-gov-advocase-image]
uses: ./.github/workflows/reusable-import-image-to-oc.yaml
with:
image-name: bc-gov-advocase
image-tags: latest
imagestream: artifactory-advocase
artifactory-repository: ad0d-advocase-docker
secrets:
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOOLS_TOKEN }}
rollout-advocase-deployment:
name: rollout-advocase-deployment
needs: [approve-deploy, import-advocase-image-to-oc]
uses: ./.github/workflows/reusable-rollout-deployment.yaml
with:
namespace: prod
secrets:
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOKEN }}
wait-for-rollout:
name: wait-for-rollout
needs: [approve-deploy, rollout-advocase-deployment]
uses: ./.github/workflows/reusable-wait-for-rollout.yaml
with:
namespace: prod
secrets:
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOKEN }}
##### SCAN ##################################################################
owasp-advocase:
name: OWASP ZAP Scan
needs: [wait-for-rollout]
runs-on: ubuntu-latest
environment: prod
steps:
- name: OWASP ZAP Scan
uses: zaproxy/[email protected]
with:
allow_issue_writing: false
cmd_options: '-z "-config scanner.threadPerHost=20"'
target: ${{ secrets.ZAP_ADVOCASE_URL }}
- name: Upload Report as Artifact
uses: actions/upload-artifact@v4
with:
name: OWASP ZAP Report
path: report_html.html