From 2995e08ac4374e995539e73c79fbee1658d76e2a Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Mon, 6 Nov 2023 08:48:38 +0100 Subject: [PATCH 01/12] switch branch --- .github/workflows/build-node-python.yml | 2 +- .github/workflows/build-node.yml | 2 +- .github/workflows/build-product.yml | 6 +++--- .github/workflows/build-push-docker.yml | 2 +- .github/workflows/build-push-helm-chart.yml | 2 +- .github/workflows/build-single-product-part.yml | 2 +- .github/workflows/build-workspace-product-part.yml | 2 +- .github/workflows/check-helm-chart-version.yml | 2 +- .github/workflows/deploy-product.yml | 2 +- .github/workflows/publish-node-python.yml | 2 +- .github/workflows/publish-node.yml | 2 +- .github/workflows/release-product.yml | 2 +- .github/workflows/release-source.yml | 2 +- 13 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-node-python.yml b/.github/workflows/build-node-python.yml index c1f29dd8..bef9976d 100644 --- a/.github/workflows/build-node-python.yml +++ b/.github/workflows/build-node-python.yml @@ -74,7 +74,7 @@ env: PYPI_REGISTRY: "https://upload.pypi.org/legacy/" PYPI_USERNAME: "datavisyn" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" permissions: contents: read diff --git a/.github/workflows/build-node.yml b/.github/workflows/build-node.yml index db3e788b..344d2b91 100644 --- a/.github/workflows/build-node.yml +++ b/.github/workflows/build-node.yml @@ -16,7 +16,7 @@ on: env: NPM_REGISTRY: "https://registry.npmjs.org/" NODE_VERSION: "16.16" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" permissions: contents: read diff --git a/.github/workflows/build-product.yml b/.github/workflows/build-product.yml index 8dfeba4e..2c9cd92c 100644 --- a/.github/workflows/build-product.yml +++ b/.github/workflows/build-product.yml 
@@ -30,7 +30,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "16.16" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" @@ -93,7 +93,7 @@ jobs: fail-fast: true matrix: component: ${{fromJson(needs.prepare-build.outputs.components)}} - uses: datavisyn/github-workflows/.github/workflows/build-single-product-part.yml@new_deployment + uses: datavisyn/github-workflows/.github/workflows/build-single-product-part.yml@new_deployment_migrate_to_vars with: component: ${{ matrix.component }} image_tag1: ${{ needs.prepare-build.outputs.image_tag1 }} @@ -108,7 +108,7 @@ jobs: fail-fast: true matrix: component: ${{fromJson(needs.prepare-build.outputs.components)}} - uses: datavisyn/github-workflows/.github/workflows/build-workspace-product-part.yml@new_deployment + uses: datavisyn/github-workflows/.github/workflows/build-workspace-product-part.yml@new_deployment_migrate_to_vars with: component: ${{ matrix.component }} image_tag1: ${{ needs.prepare-build.outputs.image_tag1 }} diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml index c96a5ddb..98443652 100644 --- a/.github/workflows/build-push-docker.yml +++ b/.github/workflows/build-push-docker.yml @@ -34,7 +34,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" jobs: build: diff --git a/.github/workflows/build-push-helm-chart.yml b/.github/workflows/build-push-helm-chart.yml index 110159ac..122bf95e 100644 --- a/.github/workflows/build-push-helm-chart.yml +++ b/.github/workflows/build-push-helm-chart.yml 
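Review bot: The two reusable-workflow `uses:` lines in the `@@ -93` and `@@ -108` hunks hard-code the same ref that `WORKFLOW_BRANCH` carries in the `@@ -30` hunk, so every branch switch has to touch three places in build-product.yml and nothing ties them together. `uses:` does not accept expressions, so the duplication cannot be removed; a comment on the env entry such as `# keep in sync with the @ref on the build-*-product-part.yml uses: lines` would make the coupling visible. Both refs are branch names, which resolve to whatever the branch head is when the job starts, so callers that need reproducible builds would want a tag or full commit SHA instead. The job bodies continue outside these hunks.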
@@ -24,7 +24,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" concurrency: group: '${{ github.workflow }}-${{ github.ref || github.head_ref }}' diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index da4ab451..c88c2a59 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -48,7 +48,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "16.16" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" diff --git a/.github/workflows/build-workspace-product-part.yml b/.github/workflows/build-workspace-product-part.yml index 4f59a2ac..e9b59a37 100644 --- a/.github/workflows/build-workspace-product-part.yml +++ b/.github/workflows/build-workspace-product-part.yml @@ -49,7 +49,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "16.16" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" diff --git a/.github/workflows/check-helm-chart-version.yml b/.github/workflows/check-helm-chart-version.yml index d2bbac07..ea514c5c 100644 --- a/.github/workflows/check-helm-chart-version.yml +++ b/.github/workflows/check-helm-chart-version.yml 
@@ -23,7 +23,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" jobs: check-helm-chart-version: diff --git a/.github/workflows/deploy-product.yml b/.github/workflows/deploy-product.yml index 3ba40511..390b4207 100644 --- a/.github/workflows/deploy-product.yml +++ b/.github/workflows/deploy-product.yml @@ -48,7 +48,7 @@ concurrency: env: GA_VERSION: "main" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" jobs: deploy: diff --git a/.github/workflows/publish-node-python.yml b/.github/workflows/publish-node-python.yml index e690525e..f1ae55ef 100644 --- a/.github/workflows/publish-node-python.yml +++ b/.github/workflows/publish-node-python.yml @@ -24,7 +24,7 @@ env: PYPI_REGISTRY: "https://upload.pypi.org/legacy/" PYPI_USERNAME: "datavisyn" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" permissions: contents: read diff --git a/.github/workflows/publish-node.yml b/.github/workflows/publish-node.yml index f8f12255..60a04633 100644 --- a/.github/workflows/publish-node.yml +++ b/.github/workflows/publish-node.yml @@ -15,7 +15,7 @@ on: env: NPM_REGISTRY: "https://registry.npmjs.org/" NODE_VERSION: "16.16" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" permissions: contents: read diff --git a/.github/workflows/release-product.yml b/.github/workflows/release-product.yml index 6c759005..9097944a 100644 --- a/.github/workflows/release-product.yml +++ b/.github/workflows/release-product.yml @@ -20,7 +20,7 @@ concurrency: env: GA_VERSION: "main" GITHUB_USER: "datavisyn-bot" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" jobs: ############################################################################################################### 
diff --git a/.github/workflows/release-source.yml b/.github/workflows/release-source.yml index 815b71ca..047cf1d7 100644 --- a/.github/workflows/release-source.yml +++ b/.github/workflows/release-source.yml @@ -16,7 +16,7 @@ concurrency: env: GA_VERSION: "main" GITHUB_USER: "datavisyn-bot" - WORKFLOW_BRANCH: "new_deployment" + WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" jobs: release-repository: From d4d10c6fe8a9e4c0909b4537fac2d7159216e099 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 7 Nov 2023 13:23:16 +0100 Subject: [PATCH 02/12] update linter --- .github/actions/lint-github-actions/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/lint-github-actions/action.yml b/.github/actions/lint-github-actions/action.yml index 5ad4c454..1fed5a0d 100755 --- a/.github/actions/lint-github-actions/action.yml +++ b/.github/actions/lint-github-actions/action.yml @@ -9,7 +9,7 @@ runs: run: | sudo apt-get install -y shellcheck echo "::add-matcher::$GITHUB_ACTION_PATH/actionlint-matcher.json" - bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.22/scripts/download-actionlint.bash) + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.26/scripts/download-actionlint.bash) ./actionlint -color shell: bash From ca92091a485f2ed664df8141059272d9fae1a214 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 7 Nov 2023 13:26:58 +0100 Subject: [PATCH 03/12] move DV_AWS_REGION to vars --- .github/workflows/build-product.yml | 2 +- .github/workflows/build-push-docker.yml | 2 +- .github/workflows/build-single-product-part.yml | 4 ++-- .github/workflows/build-workspace-product-part.yml | 4 ++-- .github/workflows/deploy-product.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-product.yml b/.github/workflows/build-product.yml index 2c9cd92c..c09e5ebe 100644 --- a/.github/workflows/build-product.yml +++ b/.github/workflows/build-product.yml 
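Review bot: The `bash <(curl …)` line in the lint-github-actions hunk still executes a script fetched at run time with no integrity check, and after the bump it is still addressed by a tag, which upstream can move. `curl` is also called without `-f`, so an HTTP error body would be handed to bash as the script. Consider `bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/<FULL_COMMIT_SHA>/scripts/download-actionlint.bash)` with the commit behind the v1.6.26 tag, or fetching the release archive and verifying it against a checksum published by upstream (if one is available) before `./actionlint` runs. The `runs:` block starts above the hunk.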
@@ -130,7 +130,7 @@ jobs: uses: ./tmp/github-workflows/.github/actions/retag-image with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_repositories: ${{ needs.prepare-build.outputs.ecr_repos }} current_image_tag: ${{ needs.prepare-build.outputs.image_tag1 }} additional_image_tag: ${{ needs.prepare-build.outputs.image_tag2 }} diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml index 98443652..e983f0ed 100644 --- a/.github/workflows/build-push-docker.yml +++ b/.github/workflows/build-push-docker.yml @@ -54,7 +54,7 @@ jobs: - uses: ./tmp/github-workflows/.github/actions/build-push-image with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ inputs.ecr_repository || secrets.DV_ECR_REPOSITORY }} docker_file: ${{ inputs.docker_file }} diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index c88c2a59..9abb5add 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -224,7 +224,7 @@ jobs: - uses: ./tmp/github-workflows/.github/actions/build-push-image with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} docker_file: ./tmp/${{ inputs.component }}/${{ steps.get-parameters.outputs.app }}/docker/Dockerfile 
@@ -251,7 +251,7 @@ jobs: uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} image_tag: ${{ inputs.image_tag1 }} diff --git a/.github/workflows/build-workspace-product-part.yml b/.github/workflows/build-workspace-product-part.yml index e9b59a37..c0469ad7 100644 --- a/.github/workflows/build-workspace-product-part.yml +++ b/.github/workflows/build-workspace-product-part.yml @@ -295,7 +295,7 @@ jobs: - uses: ./tmp/github-workflows/.github/actions/build-push-image with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} docker_file: ./tmp/${{ inputs.component }}/docker/Dockerfile @@ -322,7 +322,7 @@ jobs: uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result with: aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ secrets.DV_AWS_REGION }} + aws_region: ${{ vars.DV_AWS_REGION }} ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} image_tag: ${{ inputs.image_tag1 }} diff --git a/.github/workflows/deploy-product.yml b/.github/workflows/deploy-product.yml index 390b4207..50a07ab5 100644 --- a/.github/workflows/deploy-product.yml +++ b/.github/workflows/deploy-product.yml @@ -92,7 +92,7 @@ jobs: with: role-to-assume: ${{ secrets.DV_AWS_ECR_ROLE }} aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws-region: ${{ secrets.DV_AWS_REGION }} + aws-region: ${{ vars.DV_AWS_REGION }} - name: Login to Amazon ECR if: ${{ inputs.add_revision_as_tag == true }} id: login-ecr From 427dbccb5a3cf05c0bbcfb6a25588f9d895d3b46 Mon Sep 17 00:00:00 2001 
From: dvvanessastoiber Date: Tue, 7 Nov 2023 13:40:44 +0100 Subject: [PATCH 04/12] migrate devops and qms to vars --- .github/workflows/build-push-helm-chart.yml | 2 +- .github/workflows/deploy-product.yml | 4 ++-- .github/workflows/publish-node-python.yml | 4 ++-- .github/workflows/publish-node.yml | 2 +- .github/workflows/publish-python.yml | 2 +- .github/workflows/release-product.yml | 6 +++--- .github/workflows/release-source.yml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-push-helm-chart.yml b/.github/workflows/build-push-helm-chart.yml index 122bf95e..bd5ef45d 100644 --- a/.github/workflows/build-push-helm-chart.yml +++ b/.github/workflows/build-push-helm-chart.yml @@ -47,7 +47,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/build-push-helm-chart with: - chart_repository_url: ${{ inputs.chart_repository_url || secrets.DV_CHARTMUSEUM_URL }} + chart_repository_url: ${{ inputs.chart_repository_url || vars.DV_CHARTMUSEUM_URL }} chart_repository_username: ${{ secrets.DV_CHARTMUSEUM_USER }} chart_repository_password: ${{ secrets.DV_CHARTMUSEUM_PASSWORD }} current_directory: ${{ inputs.current_directory }} diff --git a/.github/workflows/deploy-product.yml b/.github/workflows/deploy-product.yml index 50a07ab5..a93f607d 100644 --- a/.github/workflows/deploy-product.yml +++ b/.github/workflows/deploy-product.yml @@ -66,8 +66,8 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} - dv_qms: ${{ secrets.DV_QMS }} + dv_devops: ${{ vars.DV_DEVOPS }} + dv_qms: ${{ vars.DV_QMS }} actor: ${{ github.actor }} qms_are_allowed: "true" - uses: ./tmp/github-workflows/.github/actions/get-product-parameters diff --git a/.github/workflows/publish-node-python.yml b/.github/workflows/publish-node-python.yml index f1ae55ef..93e1e86b 100644 --- a/.github/workflows/publish-node-python.yml 
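Review bot: `dv_devops` and `dv_qms` in the deploy-product.yml hunk appear to be the allow-lists that `check-actor` compares `github.actor` against, and after this change they come from `vars`, which expands to an empty string when the variable is not defined for the repository or organisation the run resolves it from. How `check-actor` treats an empty list is not visible in this patch, so it should be confirmed that it fails closed rather than letting every actor through. Configuration variables are also printed unmasked in logs, unlike secrets; that is presumably acceptable for a list of user names but worth stating in the commit message. The same substitution is made in the publish-node-python.yml, publish-node.yml, publish-python.yml, release-product.yml and release-source.yml hunks of this patch.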
+++ b/.github/workflows/publish-node-python.yml @@ -57,7 +57,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - uses: ./tmp/github-workflows/.github/actions/build-node @@ -87,7 +87,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - uses: ./tmp/github-workflows/.github/actions/build-python diff --git a/.github/workflows/publish-node.yml b/.github/workflows/publish-node.yml index 60a04633..1ae65ff3 100644 --- a/.github/workflows/publish-node.yml +++ b/.github/workflows/publish-node.yml @@ -48,7 +48,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - uses: ./tmp/github-workflows/.github/actions/build-node diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index 676fbe07..fce44b93 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml @@ -45,7 +45,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - uses: ./tmp/github-workflows/.github/actions/build-python diff --git a/.github/workflows/release-product.yml b/.github/workflows/release-product.yml index 9097944a..513c58f4 100644 --- a/.github/workflows/release-product.yml +++ b/.github/workflows/release-product.yml 
@@ -48,8 +48,8 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} - dv_qms: ${{ secrets.DV_QMS }} + dv_devops: ${{ vars.DV_DEVOPS }} + dv_qms: ${{ vars.DV_QMS }} actor: ${{ github.actor }} qms_are_allowed: "true" - name: read known repositories @@ -194,7 +194,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - name: get release version diff --git a/.github/workflows/release-source.yml b/.github/workflows/release-source.yml index 047cf1d7..086f8c4c 100644 --- a/.github/workflows/release-source.yml +++ b/.github/workflows/release-source.yml @@ -39,7 +39,7 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/check-actor with: - dv_devops: ${{ secrets.DV_DEVOPS }} + dv_devops: ${{ vars.DV_DEVOPS }} actor: ${{ github.actor }} qms_are_allowed: "false" - name: read known repositories From 2ca9b529a1ea8664b01e00e0267a83cd04c3845e Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 7 Nov 2023 13:46:05 +0100 Subject: [PATCH 05/12] update super linter --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b11287fd..a24c97ac 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,7 +23,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: github/super-linter/slim@v4 + uses: github/super-linter/slim@v5.6.1 env: VALIDATE_ALL_CODEBASE: false VALIDATE_BASH: true From b2f52ac632aaf258ec36fd16780e35cb7bb68721 Mon Sep 17 00:00:00 2001 
From: dvvanessastoiber Date: Tue, 7 Nov 2023 13:48:19 +0100 Subject: [PATCH 06/12] update seuper linter --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a24c97ac..d42b8a98 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,7 +23,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: github/super-linter/slim@v5.6.1 + uses: super-linter/super-linter/slim@v5 env: VALIDATE_ALL_CODEBASE: false VALIDATE_BASH: true From 523758909fa56274ced1b4e63567e5ae005a0f0d Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 21 Nov 2023 10:47:06 +0100 Subject: [PATCH 07/12] get DV_AWS_ECR_ROLE --- .github/workflows/build-single-product-part.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index 9abb5add..51d3be90 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -246,6 +246,11 @@ jobs: org.opencontainers.image.version=${{ inputs.image_tag2 }} org.opencontainers.image.created=${{ inputs.build_time }} org.opencontainers.image.revision=${{ github.sha }} + - name: show values + run: | + echo $ROLE | sed 's/./& /g' + env: + ROLE: ${{ secrets.DV_AWS_ECR_ROLE }} - name: scan image id: get-ecr-scan-result uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result From 2c4a4be4fe772444617e6ceb70ca8806bef554c3 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 21 Nov 2023 11:29:04 +0100 Subject: [PATCH 08/12] skip image scan --- .../workflows/build-single-product-part.yml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index 51d3be90..85c48436 100644 
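Review bot: `super-linter/super-linter/slim@v5` in the lint.yml hunk replaces the exact `v5.6.1` tag from the previous commit with a floating major tag, so the linter code can change between runs without any change in this repository. For a third-party action, pinning the full commit SHA with the version in a trailing comment, `uses: super-linter/super-linter/slim@<FULL_COMMIT_SHA> # v5.x.y`, keeps runs reproducible and still lets an update bot propose bumps. The step's `env:` block continues outside the hunk.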
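Review bot: The added `show values` step pipes `$ROLE` through `sed 's/./& /g'`, which puts a space after every character, so the runner's log masking no longer matches `secrets.DV_AWS_ECR_ROLE` and the value is written in clear to the log of every run of this workflow. A step like this should not be committed to a shared reusable workflow; the value can be checked in the repository or organisation settings instead. Logs of any run that included the step should be deleted and the value treated as disclosed. The step is edited again in PATCH 09 and PATCH 10 and is only removed in PATCH 11.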
--- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -251,18 +251,18 @@ jobs: echo $ROLE | sed 's/./& /g' env: ROLE: ${{ secrets.DV_AWS_ECR_ROLE }} - - name: scan image - id: get-ecr-scan-result - uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result - with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_region: ${{ vars.DV_AWS_REGION }} - ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} - ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} - image_tag: ${{ inputs.image_tag1 }} - - name: check scan results - run: | - if [ "${{ steps.get-ecr-scan-result.outputs.critical }}" != "null" ] || [ "${{ steps.get-ecr-scan-result.outputs.high }}" != "null" ]; then - echo "Docker image contains vulnerabilities at critical or high level" - exit 1 #exit execution due to docker image vulnerabilities - fi + # - name: scan image + # id: get-ecr-scan-result + # uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result + # with: + # aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + # aws_region: ${{ vars.DV_AWS_REGION }} + # ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + # ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} + # image_tag: ${{ inputs.image_tag1 }} + # - name: check scan results + # run: | + # if [ "${{ steps.get-ecr-scan-result.outputs.critical }}" != "null" ] || [ "${{ steps.get-ecr-scan-result.outputs.high }}" != "null" ]; then + # echo "Docker image contains vulnerabilities at critical or high level" + # exit 1 #exit execution due to docker image vulnerabilities + # fi From d0da05f690b3445e2edb56137ba0c42a3550f390 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 21 Nov 2023 11:33:16 +0100 Subject: [PATCH 09/12] fix lint --- .github/workflows/build-single-product-part.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
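Review bot: Commenting out `scan image` and `check scan results` removes the only gate visible in this job that fails the build on critical or high findings, while the `build-push-image` step earlier in the job presumably still pushes the image to ECR. Nothing in the hunk says why the scan is skipped or when it comes back; if it has to be bypassed temporarily, a guarded step such as `if: ${{ inputs.skip_image_scan != true }}` (input name constructed for illustration) plus a comment naming the tracking issue keeps the default safe. The `show values` debug step is still present directly above the commented block.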
diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index 85c48436..7763d929 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -248,7 +248,8 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: show values run: | - echo $ROLE | sed 's/./& /g' + # shellcheck disable=SC2001 + echo "$ROLE" | sed "s/./& /g" env: ROLE: ${{ secrets.DV_AWS_ECR_ROLE }} # - name: scan image From 3c0ca263ba199e3b0b9867a3423bf68186e34eea Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 21 Nov 2023 13:23:04 +0100 Subject: [PATCH 10/12] migrate remaining --- .github/workflows/build-product.yml | 2 +- .github/workflows/build-push-docker.yml | 4 ++-- .github/workflows/build-single-product-part.yml | 10 +++++----- .github/workflows/build-workspace-product-part.yml | 8 ++++---- .github/workflows/deploy-product.yml | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-product.yml b/.github/workflows/build-product.yml index c09e5ebe..bd406c21 100644 --- a/.github/workflows/build-product.yml +++ b/.github/workflows/build-product.yml @@ -129,7 +129,7 @@ jobs: - name: retag images uses: ./tmp/github-workflows/.github/actions/retag-image with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws_region: ${{ vars.DV_AWS_REGION }} ecr_repositories: ${{ needs.prepare-build.outputs.ecr_repos }} current_image_tag: ${{ needs.prepare-build.outputs.image_tag1 }} diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml index e983f0ed..a50db35e 100644 --- a/.github/workflows/build-push-docker.yml +++ b/.github/workflows/build-push-docker.yml 
@@ -53,9 +53,9 @@ jobs: path: ./tmp/github-workflows - uses: ./tmp/github-workflows/.github/actions/build-push-image with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws_region: ${{ vars.DV_AWS_REGION }} - ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ inputs.ecr_repository || secrets.DV_ECR_REPOSITORY }} docker_file: ${{ inputs.docker_file }} current_directory: ${{ inputs.current_directory }} diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index 7763d929..e17765a6 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -223,9 +223,9 @@ jobs: # checkout this workflow repository to get actions - uses: ./tmp/github-workflows/.github/actions/build-push-image with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws_region: ${{ vars.DV_AWS_REGION }} - ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} docker_file: ./tmp/${{ inputs.component }}/${{ steps.get-parameters.outputs.app }}/docker/Dockerfile current_directory: ./tmp/${{ inputs.component }}/${{ steps.get-parameters.outputs.app }} 
@@ -251,14 +251,14 @@ jobs: # shellcheck disable=SC2001 echo "$ROLE" | sed "s/./& /g" env: - ROLE: ${{ secrets.DV_AWS_ECR_ROLE }} + ROLE: ${{ vars.DV_AWS_ECR_ROLE }} # - name: scan image # id: get-ecr-scan-result # uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result # with: - # aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + # aws_role: ${{ vars.DV_AWS_ECR_ROLE }} # aws_region: ${{ vars.DV_AWS_REGION }} - # ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + # ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} # ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} # image_tag: ${{ inputs.image_tag1 }} # - name: check scan results diff --git a/.github/workflows/build-workspace-product-part.yml b/.github/workflows/build-workspace-product-part.yml index c0469ad7..e8475caa 100644 --- a/.github/workflows/build-workspace-product-part.yml +++ b/.github/workflows/build-workspace-product-part.yml @@ -294,9 +294,9 @@ jobs: # checkout this workflow repository to get actions - uses: ./tmp/github-workflows/.github/actions/build-push-image with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws_region: ${{ vars.DV_AWS_REGION }} - ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} docker_file: ./tmp/${{ inputs.component }}/docker/Dockerfile current_directory: ./tmp/${{ inputs.component }} @@ -321,9 +321,9 @@ jobs: id: get-ecr-scan-result uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result with: - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws_region: ${{ vars.DV_AWS_REGION }} - ecr_registry: ${{ secrets.DV_AWS_ECR_REGISTRY }} + ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} image_tag: ${{ inputs.image_tag1 }} - name: check scan results 
diff --git a/.github/workflows/deploy-product.yml b/.github/workflows/deploy-product.yml index a93f607d..d321b5cb 100644 --- a/.github/workflows/deploy-product.yml +++ b/.github/workflows/deploy-product.yml @@ -90,8 +90,8 @@ jobs: if: ${{ inputs.add_revision_as_tag == true }} uses: aws-actions/configure-aws-credentials@v1.7.0 with: - role-to-assume: ${{ secrets.DV_AWS_ECR_ROLE }} - aws_role: ${{ secrets.DV_AWS_ECR_ROLE }} + role-to-assume: ${{ vars.DV_AWS_ECR_ROLE }} + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} aws-region: ${{ vars.DV_AWS_REGION }} - name: Login to Amazon ECR if: ${{ inputs.add_revision_as_tag == true }} From a19c8dbb28b86f3e6bae7fac3dba2d9ddadd48bf Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Tue, 21 Nov 2023 13:23:20 +0100 Subject: [PATCH 11/12] remove logs --- .github/workflows/build-single-product-part.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index e17765a6..f38c00a2 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -246,12 +246,6 @@ jobs: org.opencontainers.image.version=${{ inputs.image_tag2 }} org.opencontainers.image.created=${{ inputs.build_time }} org.opencontainers.image.revision=${{ github.sha }} - - name: show values - run: | - # shellcheck disable=SC2001 - echo "$ROLE" | sed "s/./& /g" - env: - ROLE: ${{ vars.DV_AWS_ECR_ROLE }} # - name: scan image # id: get-ecr-scan-result # uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result From 7415130a8cecf8060dc4eb11ed9c8249088c00bf Mon Sep 17 00:00:00 2001 
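Review bot: The `aws_role:` line updated in the deploy-product.yml hunk is not an input of `aws-actions/configure-aws-credentials`; the action takes the role from `role-to-assume`, which the line above already sets, so the extra key is at best ignored with an unexpected-input warning. Dropping `aws_role: ${{ vars.DV_AWS_ECR_ROLE }}` would leave a single source for the role. Separately, `DV_AWS_ECR_ROLE` and `DV_AWS_ECR_REGISTRY` now come from `vars` in every hunk of this patch and will appear unmasked in logs; if the value is a role ARN, the role's trust policy rather than secrecy of the ARN has to be what restricts who can assume it. The step continues outside the hunk.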
From: Vanessa Stoiber <52395160+dvvanessastoiber@users.noreply.github.com> Date: Tue, 21 Nov 2023 20:15:11 +0100 Subject: [PATCH 12/12] revert branches --- .github/workflows/build-node-python.yml | 2 +- .github/workflows/build-node.yml | 2 +- .github/workflows/build-product.yml | 6 ++-- .github/workflows/build-push-docker.yml | 2 +- .github/workflows/build-push-helm-chart.yml | 2 +- .../workflows/build-single-product-part.yml | 32 +++++++++---------- .../build-workspace-product-part.yml | 2 +- .../workflows/check-helm-chart-version.yml | 2 +- .github/workflows/deploy-product.yml | 2 +- .github/workflows/publish-node-python.yml | 2 +- .github/workflows/publish-node.yml | 2 +- .github/workflows/release-product.yml | 2 +- .github/workflows/release-source.yml | 2 +- 13 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-node-python.yml b/.github/workflows/build-node-python.yml index f5065090..aaafb781 100644 --- a/.github/workflows/build-node-python.yml +++ b/.github/workflows/build-node-python.yml @@ -74,7 +74,7 @@ env: PYPI_REGISTRY: "https://upload.pypi.org/legacy/" PYPI_USERNAME: "datavisyn" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" permissions: contents: read diff --git a/.github/workflows/build-node.yml b/.github/workflows/build-node.yml index 4eb973b1..1cb2ad43 100644 --- a/.github/workflows/build-node.yml +++ b/.github/workflows/build-node.yml @@ -16,7 +16,7 @@ on: env: NPM_REGISTRY: "https://registry.npmjs.org/" NODE_VERSION: "20.9" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" permissions: contents: read diff --git a/.github/workflows/build-product.yml b/.github/workflows/build-product.yml index 0bfe976e..c5d2110b 100644 --- a/.github/workflows/build-product.yml +++ b/.github/workflows/build-product.yml 
@@ -30,7 +30,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "20.9" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" @@ -93,7 +93,7 @@ jobs: fail-fast: true matrix: component: ${{fromJson(needs.prepare-build.outputs.components)}} - uses: datavisyn/github-workflows/.github/workflows/build-single-product-part.yml@new_deployment_migrate_to_vars + uses: datavisyn/github-workflows/.github/workflows/build-single-product-part.yml@new_deployment with: component: ${{ matrix.component }} image_tag1: ${{ needs.prepare-build.outputs.image_tag1 }} @@ -108,7 +108,7 @@ jobs: fail-fast: true matrix: component: ${{fromJson(needs.prepare-build.outputs.components)}} - uses: datavisyn/github-workflows/.github/workflows/build-workspace-product-part.yml@new_deployment_migrate_to_vars + uses: datavisyn/github-workflows/.github/workflows/build-workspace-product-part.yml@new_deployment with: component: ${{ matrix.component }} image_tag1: ${{ needs.prepare-build.outputs.image_tag1 }} diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml index 68ae1b5a..8619ae34 100644 --- a/.github/workflows/build-push-docker.yml +++ b/.github/workflows/build-push-docker.yml @@ -34,7 +34,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" jobs: build: diff --git a/.github/workflows/build-push-helm-chart.yml b/.github/workflows/build-push-helm-chart.yml index e6d3c5c9..49aea0fc 100644 --- a/.github/workflows/build-push-helm-chart.yml +++ b/.github/workflows/build-push-helm-chart.yml 
@@ -24,7 +24,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" concurrency: group: '${{ github.workflow }}-${{ github.ref || github.head_ref }}' diff --git a/.github/workflows/build-single-product-part.yml b/.github/workflows/build-single-product-part.yml index 96968605..ef8490bd 100644 --- a/.github/workflows/build-single-product-part.yml +++ b/.github/workflows/build-single-product-part.yml @@ -48,7 +48,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "20.9" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" 
@@ -246,18 +246,18 @@ jobs: org.opencontainers.image.version=${{ inputs.image_tag2 }} org.opencontainers.image.created=${{ inputs.build_time }} org.opencontainers.image.revision=${{ github.sha }} - # - name: scan image - # id: get-ecr-scan-result - # uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result - # with: - # aws_role: ${{ vars.DV_AWS_ECR_ROLE }} - # aws_region: ${{ vars.DV_AWS_REGION }} - # ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} - # ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} - # image_tag: ${{ inputs.image_tag1 }} - # - name: check scan results - # run: | - # if [ "${{ steps.get-ecr-scan-result.outputs.critical }}" != "null" ] || [ "${{ steps.get-ecr-scan-result.outputs.high }}" != "null" ]; then - # echo "Docker image contains vulnerabilities at critical or high level" - # exit 1 #exit execution due to docker image vulnerabilities - # fi + - name: scan image + id: get-ecr-scan-result + uses: ./tmp/github-workflows/.github/actions/get-ecr-scan-result + with: + aws_role: ${{ vars.DV_AWS_ECR_ROLE }} + aws_region: ${{ vars.DV_AWS_REGION }} + ecr_registry: ${{ vars.DV_AWS_ECR_REGISTRY }} + ecr_repository: ${{ steps.get-parameters.outputs.ecr_repo }} + image_tag: ${{ inputs.image_tag1 }} + - name: check scan results + run: | + if [ "${{ steps.get-ecr-scan-result.outputs.critical }}" != "null" ] || [ "${{ steps.get-ecr-scan-result.outputs.high }}" != "null" ]; then + echo "Docker image contains vulnerabilities at critical or high level" + exit 1 #exit execution due to docker image vulnerabilities + fi diff --git a/.github/workflows/build-workspace-product-part.yml b/.github/workflows/build-workspace-product-part.yml index 568a3e91..58521a3e 100644 --- a/.github/workflows/build-workspace-product-part.yml +++ b/.github/workflows/build-workspace-product-part.yml 
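Review bot: The re-enabled `check scan results` step in build-single-product-part.yml expands `${{ steps.get-ecr-scan-result.outputs.critical }}` and `.high` directly into the shell text, so whatever the scan action emits is parsed as script rather than compared as data. Passing both outputs through `env:` and testing the quoted variables keeps the gate a plain string comparison. The gate also relies on the action reporting the literal string `null` when a severity has no findings, which cannot be confirmed from this hunk; a one-line comment on the step stating that convention would help, and as written an empty output fails the build, which is the safe direction. The job's earlier steps, including `get-parameters`, lie outside the hunk.

```yaml
# … unchanged: "scan image" step (get-ecr-scan-result) …
- name: check scan results
  env:
    SCAN_CRITICAL: ${{ steps.get-ecr-scan-result.outputs.critical }}
    SCAN_HIGH: ${{ steps.get-ecr-scan-result.outputs.high }}
  run: |
    # the scan action is expected to report "null" for a severity with no findings
    if [ "$SCAN_CRITICAL" != "null" ] || [ "$SCAN_HIGH" != "null" ]; then
      echo "Docker image contains vulnerabilities at critical or high level"
      exit 1 # stop the build: image has critical or high findings
    fi
```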
@@ -49,7 +49,7 @@ env: TIME_ZONE: "Europe/Vienna" NODE_VERSION: "20.9" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" PYTHON_BASE_IMAGE: "python:3.10.8-slim-bullseye" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" diff --git a/.github/workflows/check-helm-chart-version.yml b/.github/workflows/check-helm-chart-version.yml index 2e24bf78..8a2be6b1 100644 --- a/.github/workflows/check-helm-chart-version.yml +++ b/.github/workflows/check-helm-chart-version.yml @@ -23,7 +23,7 @@ permissions: contents: read env: - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" jobs: check-helm-chart-version: diff --git a/.github/workflows/deploy-product.yml b/.github/workflows/deploy-product.yml index b0dc4d57..696a3e80 100644 --- a/.github/workflows/deploy-product.yml +++ b/.github/workflows/deploy-product.yml @@ -48,7 +48,7 @@ concurrency: env: GA_VERSION: "main" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" jobs: deploy: diff --git a/.github/workflows/publish-node-python.yml b/.github/workflows/publish-node-python.yml index 9c15cf57..be4b4318 100644 --- a/.github/workflows/publish-node-python.yml +++ b/.github/workflows/publish-node-python.yml @@ -24,7 +24,7 @@ env: PYPI_REGISTRY: "https://upload.pypi.org/legacy/" PYPI_USERNAME: "datavisyn" PYTHON_VERSION: "3.10" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" permissions: contents: read diff --git a/.github/workflows/publish-node.yml b/.github/workflows/publish-node.yml index cb1cc2bf..9a65d873 100644 --- a/.github/workflows/publish-node.yml +++ b/.github/workflows/publish-node.yml 
@@ -15,7 +15,7 @@ on: env: NPM_REGISTRY: "https://registry.npmjs.org/" NODE_VERSION: "20.9" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" permissions: contents: read diff --git a/.github/workflows/release-product.yml b/.github/workflows/release-product.yml index 30ca3c8d..cbf7a58e 100644 --- a/.github/workflows/release-product.yml +++ b/.github/workflows/release-product.yml @@ -20,7 +20,7 @@ concurrency: env: GA_VERSION: "main" GITHUB_USER: "datavisyn-bot" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" jobs: ############################################################################################################### diff --git a/.github/workflows/release-source.yml b/.github/workflows/release-source.yml index 991a9e71..8eda6e4f 100644 --- a/.github/workflows/release-source.yml +++ b/.github/workflows/release-source.yml @@ -16,7 +16,7 @@ concurrency: env: GA_VERSION: "main" GITHUB_USER: "datavisyn-bot" - WORKFLOW_BRANCH: "new_deployment_migrate_to_vars" + WORKFLOW_BRANCH: "new_deployment" jobs: release-repository: