ci: remove snyk [DO-3082] #363
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Connect Button Storybook' | |
| on: | |
| pull_request: | |
| branches: | |
| - develop | |
| - main | |
| push: | |
| branches: | |
| - develop | |
| - main | |
| env: | |
| jenkins_job_name: 'kubernetes-deployments/job/connect-button' | |
| helm_dir: 'deploy/helm/connect-button' | |
| dev_eks_cluster: 'rdx-works-main-dev' | |
| prod_eks_cluster: 'rdx-works-main-dev' | |
| jobs: | |
| build_push_container: | |
| if: ${{ (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy-pr')) || (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')) }} | |
| permissions: | |
| packages: write | |
| id-token: write | |
| pull-requests: write | |
| contents: read | |
| name: Build and push docker image | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: ubuntu-latest | |
| image_registry: 'docker.io' | |
| image_organization: 'radixdlt' | |
| image_name: 'connect-button-storybook' | |
| tag: ${{ needs.build.outputs.tag }} | |
| tags: | | |
| type=sha,priority=601 | |
| type=ref,event=pr | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| context: './' | |
| dockerfile: './packages/connect-button/Dockerfile' | |
| platforms: 'linux/amd64' | |
| provenance: 'false' | |
| enable_gcr: 'false' | |
| scan_image: false | |
| deploy_pull_request: | |
| if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy-pr') }} | |
| name: Deploy PR | |
| permissions: | |
| id-token: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| contents: read | |
| needs: | |
| - build_push_container | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main | |
| with: | |
| jenkins_job_name: "kubernetes-deployments/job/connect-button" | |
| github_branch: "${{ github.head_ref }}" | |
| application_name: "connect-button" | |
| hierarchical_namespace: "connect-button-ci-pr" | |
| create_subnamespace: "true" | |
| kubernetes_namespace: "connect-button-pr-${{ github.event.number }}" | |
| aws_eks_cluster: "rdx-works-main-dev" | |
| aws_iam_role_name: "jenkins-connect-button-pr-deployer" | |
| helmfile_environment: "pr" | |
| helm_dir: "deploy/helm/connect-button" | |
| helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }},ci.prNumber=${{ github.event.number }}" | |
| secrets: | |
| aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }} | |
| secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} | |
| deploy_dev: | |
| if: github.ref == 'refs/heads/develop' && github.event_name == 'push' | |
| name: Deploy DEV | |
| permissions: | |
| id-token: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| contents: read | |
| needs: | |
| - build_push_container | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main | |
| with: | |
| github_environment: "dev" | |
| github_branch: "${{ github.ref }}" | |
| jenkins_job_name: "kubernetes-deployments/job/connect-button" | |
| application_name: "connect-button" | |
| kubernetes_namespace: "connect-button-dev" | |
| aws_eks_cluster: "rdx-works-main-dev" | |
| aws_iam_role_name: "jenkins-connect-button-dev-deployer" | |
| helmfile_environment: "dev" | |
| helm_dir: "deploy/helm/connect-button" | |
| helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}" | |
| secrets: | |
| aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }} | |
| secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} | |
| deploy_prod: | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| name: Deploy PROD | |
| permissions: | |
| id-token: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| contents: read | |
| needs: | |
| - build_push_container | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main | |
| with: | |
| github_environment: "prod" | |
| github_branch: "${{ github.ref }}" | |
| jenkins_job_name: "kubernetes-deployments/job/connect-button" | |
| application_name: "connect-button" | |
| kubernetes_namespace: "connect-button-prod" | |
| aws_eks_cluster: "rdx-works-main-dev" | |
| aws_iam_role_name: "jenkins-connect-button-prod-deployer" | |
| helmfile_environment: "prod" | |
| helm_dir: "deploy/helm/connect-button" | |
| helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}" | |
| secrets: | |
| aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }} | |
| secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} |