Add secrets job to deploy dependencies
Deploy jobs now wait for the secrets/gitleaks scan to pass before running. This ensures no deployment happens if security scans fail.
This commit is contained in:
Mondo Diaz
@@ -175,7 +175,7 @@ frontend_tests:
|
|||||||
# Shared deploy configuration
|
# Shared deploy configuration
|
||||||
.deploy_template: &deploy_template
|
.deploy_template: &deploy_template
|
||||||
stage: deploy
|
stage: deploy
|
||||||
needs: [build_image, kics, hadolint, python_tests, frontend_tests]
|
needs: [build_image, kics, hadolint, python_tests, frontend_tests, secrets]
|
||||||
image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
|
image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
|
||||||
|
|
||||||
.helm_setup: &helm_setup
|
.helm_setup: &helm_setup
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||||||
- Fixed gitleaks false positives with fingerprints for historical commits (#51)
|
- Fixed gitleaks false positives with fingerprints for historical commits (#51)
|
||||||
- Fixed integration tests running when deploy fails (`when: on_success`) (#51)
|
- Fixed integration tests running when deploy fails (`when: on_success`) (#51)
|
||||||
- Fixed static file serving for favicon and other files in frontend dist root
|
- Fixed static file serving for favicon and other files in frontend dist root
|
||||||
|
- Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies)
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
- Removed unused `store_streaming()` method from storage.py (#51)
|
- Removed unused `store_streaming()` method from storage.py (#51)
|
||||||
|
|||||||
Reference in New Issue
Block a user