pleo-io · dpotyralski · Jul 9, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024
@@ -1,16 +1,11 @@
 version: v34.10.1
 
 files:
-  - .github/workflows/build-and-test.yaml
   - .github/workflows/codeql-analysis.yaml
   - .github/workflows/pr-help.yaml
-  - .github/workflows/release.yaml
   - .github/workflows/renovate_dependency_management.yaml
   - .autorc.json
   - .github/.kodiak.toml
 
 values:
-  sendOpsLevelDeployNotifications: true
-  deploymentEnabled: false
-  runWizCliDepsScan: false
   renovateCronjobSchedule: '25 6 * * 1-5' # This is UTC -> At 07:25 CET / 08:25 CEST on every day-of-week from Monday through Friday.
@@ -138,24 +138,6 @@ jobs:
           check_name: Unit Tests report
           report_paths: "**/build/test-results/test/TEST-*.xml"
 
-      # Run Detekt
-      - name: Run Detekt
-        continue-on-error: true
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: ./gradlew detekt --stacktrace
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
-
-      # Publish Detekt results to GitHub.
-      - name: Publish Detekt SARIF report to GitHub
-        continue-on-error: true
-        if: ${{ github.ref == 'refs/heads/main' }}
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
-        with:
-          sarif_file: build/reports/detekt/detekt.sarif
-
       - name: Trigger release
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3

@@ -20,11 +20,7 @@ env:
   publishNodeOpenAPIClient: true
   publishTypeScriptFrontendModels: false
   publishAdditionalProjects: false
-  deploymentEnabled: false
-  environmentTenant: product
-  productionDeploymentEnabled: true
   generateChangelogUpdate: true
-  forceReleaseOpenAPIDocument: 
 
 jobs:
   determine-version:
@@ -413,291 +409,3 @@ jobs:
           SLACK_USERNAME: GitHub Actions
           SLACK_ICON_EMOJI: ":crashingrocket:"
           SLACK_FOOTER: ""
-
-  publish-docker-image:
-    name: Publish Docker image
-    runs-on: ubuntu-latest-8-cores
-    permissions:
-      id-token: write
-      contents: read
-    timeout-minutes: 30
-    steps:
-      # Checkout the code to publish.
-      - name: Checkout code
-        if: env.deploymentEnabled == 'true'
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
-        with:
-          fetch-depth: 0
-          ref: main
-
-      # Setup a JDK environment for running Gradle publishing tasks.
-      - name: Setup JDK 17
-        if: env.deploymentEnabled == 'true'
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          java-version: 17
-          distribution: temurin
-
-      # Build the project and generate Docker Image
-      - name: Build project (Gradle)
-        if: env.deploymentEnabled == 'true'
-        run: ./gradlew build -x test --stacktrace
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
-          GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
-
-      # Login to DockerHub for fetching and pushing Docker images.
-      - name: Login to DockerHub
-        if: env.deploymentEnabled == 'true'
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
-        with:
-          username: pleodeployments
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      # Setup Buildx for Docker operations.
-      - name: Setup Buildx
-        if: env.deploymentEnabled == 'true'
-        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
-
-      # Build Docker image and cache Docker image/layers.
-      - name: Build Docker Image
-        if: env.deploymentEnabled == 'true'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
-        with:
-          context: .
-          tags: ${{ github.sha }}
-          load: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            github_sha=${{ github.sha }}
-            GRADLE_USER=${{ secrets.GITHUB_ACTOR }}
-            GRADLE_READ_KEY=${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-
-      - name: Configure shared services AWS credentials
-        if: env.deploymentEnabled == 'true'
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_SHARED_SERVICES}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to Amazon ECR shared-services
-        if: env.deploymentEnabled == 'true'
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR shared services
-        if: env.deploymentEnabled == 'true'
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_SHARED_SERVICES }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-      - name: Configure product-dev AWS credentials
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_DEV}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to Amazon ECR product-dev
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR product-dev
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_PRODUCT_DEV }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-      - name: Configure product-staging AWS credentials
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_STAGING}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to Amazon ECR product-staging
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR product-staging
-        if: env.deploymentEnabled == 'true' && env.environmentTenant == 'product'
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_PRODUCT_STAGING }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-      - name: Configure product-production AWS credentials
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_PRODUCTION}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to AWS ECR product-production
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'product'
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR product-production
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'product'
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_PRODUCT_PRODUCTION }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-      - name: Configure tooling-production AWS credentials
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'tooling'
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_TOOLING_PRODUCTION}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to Amazon ECR tooling-production
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'tooling'
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR tooling-production
-        if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true' && env.environmentTenant == 'tooling'
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_TOOLING_PRODUCTION }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-  get-env-variables:
-    name: Prepare env variables
-    outputs:
-      deploymentEnabled: ${{ steps.env-variables.outputs.deploymentEnabled }}
-      environmentTenant: ${{ steps.env-variables.outputs.environmentTenant }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set output variables
-        id: env-variables
-        run: |
-          echo "deploymentEnabled=${{ env.deploymentEnabled }}" >> "$GITHUB_OUTPUT"
-          echo "environmentTenant=${{ env.environmentTenant }}" >> "$GITHUB_OUTPUT"
-
-  wiz-cli:
-    name: Scan Image with Wiz CLI
-    uses: pleo-io/reusable-workflows/.github/workflows/wiz-cli.yaml@main
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    with:
-      scan_container: false
-      container_tag: ${{ github.sha }}
-      deps_policy: Pleo-Default-vulnerabilities-policy
-    secrets: inherit
-
-  trigger-deploy-gitops-product-dev:
-    name: Trigger deployment (GitOps)- Update product-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'product'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: product-dev
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-product-staging:
-    name: Trigger deployment (GitOps)- Update product-staging image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'product'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: product-staging
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-tooling-production:
-    name: Trigger deployment (GitOps)- Update tooling-production image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'tooling'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: tooling-production
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-dev:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-dev
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-staging:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-staging
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-production:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-      - wiz-cli
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-production
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}