Skip to content

Spsh 1529 (#851)

Spsh 1529 (#851) #42

Workflow file for this run

# Push image to GHCR and Helm Chart to helm-charts-registry
name: Release Image and Helm Chart
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'
concurrency:
group: dbildungs-iam-server-image-helm-chart
cancel-in-progress: true
jobs:
# GHRC Image
codeql_analyze:
name: "CodeQL"
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-codeql.yaml@5
permissions:
actions: read
contents: read
security-events: write
nest_lint:
name: "Linting"
if: ${{ github.event_name == 'push' }}
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-lint.yaml@5
with:
node_version: '18'
permissions:
contents: read
tests_and_sonarcloud:
name: "Tests and Sonarcloud"
if: ${{ github.event_name == 'push' }}
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-test-sonarcloud.yaml@5
with:
node_version: '18'
timeout_minutes: 20
permissions:
contents: read
secrets: inherit
release_image:
name: "Publish image and scan with trivy"
needs:
- codeql_analyze
- nest_lint
- tests_and_sonarcloud
permissions:
packages: write
security-events: write
contents: read
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@7
with:
image_name: "dbildungs-iam-server"
run_trivy_scan: true
image_tag_generation: version_git_tag
container_registry: "ghcr.io"
fail_on_vulnerabilites: false
report_location: "Dockerfile"
# Helm Chart
scan_helm:
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
permissions:
contents: read
release_helm:
needs: scan_helm
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7
secrets: inherit
with:
chart_name: "dbildungs-iam-server"
helm_chart_version_generation: specified
image_tag_generation: specified
helm_chart_version: "${{ github.ref_name }}"
image_tag: "${{ github.ref_name }}"
helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"