
Commit 8a1d39d

committed
k8s manifests
1 parent 3882697 commit 8a1d39d


1 file changed

+21
-18
lines changed


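--- a/.github/workflows/secured-CICD.yml
+++ b/.github/workflows/secured-CICD.yml
@@ -9,27 +9,28 @@ on:
 jobs:
 sonarq-integration:
 runs-on: ubuntu-latest
-
 steps:
-- uses: actions/checkout@v2
-with:
-# Disabling shallow clone is recommended for improving relevancy of reporting
-fetch-depth: 0
-- name: Test SonarQube connectivity
-run: |
-curl -v ${{ secrets.SONAR_HOST_URL }}/api/system/status
-- name: SonarQube Scan
-uses: sonarsource/sonarqube-scan-action@v2
-env:
-SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
-SONAR_PROJECT_NAME: "Microservice-Based-Password-Manager-with-a-Secure-CI-CD-Pipeline"
+- uses: actions/checkout@v2
+with:
+# Disabling shallow clone improves reporting relevancy
+fetch-depth: 0
+
+- name: Test SonarQube connectivity
+run: |
+curl -v ${{ secrets.SONAR_HOST_URL }}/api/system/status
+
+- name: SonarQube Scan
+uses: sonarsource/sonarqube-scan-action@v2
+env:
+SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
+SONAR_PROJECT_NAME: "Microservice-Based-Password-Manager-with-a-Secure-CI-CD-Pipeline"
 
 build-trivy-scan-and-push:
 runs-on: ubuntu-latest
-#needs: sonarq-integration # Uncomment to ensure SonarQube analysis completes before the build
-
+# Uncomment the next line to ensure this job waits for SonarQube analysis
+# needs: sonarq-integration
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
@@ -51,12 +52,14 @@ jobs:
 file: ./Dockerfile
 push: false
 tags: ${{ secrets.DOCKERHUB_USERNAME }}/web:latest
+
 - name: Scan image with Trivy
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/web:latest
+
 - name: Push Docker image
-if: success() # Push only if Trivy scan succeeds
+if: success()
 uses: docker/build-push-action@v2
 with:
 context: .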
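Review bot: The `if: success()` on the "Push Docker image" step (second hunk) does not gate the push on scan results: the "Scan image with Trivy" step passes only `image-ref`, and trivy-action's `exit-code` input defaults to 0, so the step succeeds even when vulnerabilities are reported. Adding `exit-code: '1'` and, for example, `severity: 'CRITICAL,HIGH'` under that step's `with:` makes the gate real, and the dropped `# Push only if Trivy scan succeeds` comment would then be accurate and worth restoring. The same step tracks `aquasecurity/trivy-action@master`, a moving branch; pinning it to a full commit SHA keeps upstream changes from running unreviewed in a job that pushes images. The Push step's `with:` block continues past the end of the hunk.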
