-
Notifications
You must be signed in to change notification settings - Fork 33
73 lines (67 loc) · 2.29 KB
/
Copy pathpostgresql.yaml
File metadata and controls
73 lines (67 loc) · 2.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: DevGuard PostgreSQL Workflow
on:
push:
tags:
- '*'
permissions:
contents: read
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
# Docker image build job
build-image:
uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
permissions:
contents: read
packages: write
with:
artifact-name: "postgresql"
asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
api-url: https://api.main.devguard.org
image-suffix: "postgresql"
secrets:
devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
build-args: "--context=. --dockerfile=Dockerfile.postgresql"
# Image scanning job to detect vulnerabilities in the built Docker image
container-scanning:
uses: l3montree-dev/devguard-action/.github/workflows/container-scanning.yml@main
needs:
- build-image
with:
asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
api-url: https://api.main.devguard.org
artifact-name: "postgresql"
web-ui: https://main.devguard.org
image-suffix: "postgresql"
secrets:
devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
deploy:
needs:
- build-image
- container-scanning
uses: l3montree-dev/devguard-action/.github/workflows/deploy.yml@main
permissions:
contents: read
packages: write
with:
asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
api-url: https://api.main.devguard.org
image-suffix: "postgresql"
secrets:
devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
sign:
needs:
- build-image
- container-scanning
uses: l3montree-dev/devguard-action/.github/workflows/sign.yml@main
permissions:
contents: read
packages: write
with:
asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
api-url: https://api.main.devguard.org
artifact-name: "postgresql"
image-suffix: "postgresql"
secrets:
devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')