Add secrets job to deploy dependencies
Deploy jobs now wait for the secrets/gitleaks scan to pass before running. This ensures no deployment happens if security scans fail.
This commit is contained in:
Mondo Diaz
@@ -175,7 +175,7 @@ frontend_tests:
|
||||
# Shared deploy configuration
|
||||
.deploy_template: &deploy_template
|
||||
stage: deploy
|
||||
needs: [build_image, kics, hadolint, python_tests, frontend_tests]
|
||||
needs: [build_image, kics, hadolint, python_tests, frontend_tests, secrets]
|
||||
image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
|
||||
|
||||
.helm_setup: &helm_setup
|
||||
|
||||
@@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
- Fixed gitleaks false positives with fingerprints for historical commits (#51)
|
||||
- Fixed integration tests running when deploy fails (`when: on_success`) (#51)
|
||||
- Fixed static file serving for favicon and other files in frontend dist root
|
||||
- Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies)
|
||||
|
||||
### Removed
|
||||
- Removed unused `store_streaming()` method from storage.py (#51)
|
||||
|
||||
Reference in New Issue
Block a user