bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity

Fix dev deployment and revert CI changes

Browse Source 
- Remove SBOM job (not starting, investigate later)
- Revert KICS rules change
- Fix memory requests to equal limits per cluster Kyverno policy
This commit is contained in:
Mondo Diaz
2026-01-15 19:31:44 +00:00
parent bafb367811
commit be139200d2
3 changed files with 3 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.gitlab-ci.yml
View File

@@ -28,8 +28,6 @@ stages:
kics: kics:
variables: variables:
KICS_CONFIG: kics.config KICS_CONFIG: kics.config
rules:
- when: always
# Post-deployment integration tests template # Post-deployment integration tests template
.integration_test_template: &integration_test_template .integration_test_template: &integration_test_template
@@ -112,26 +110,6 @@ integration_test_feature:
- if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != "main"' - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != "main"'
when: on_success when: on_success
# Generate Software Bill of Materials (SBOM)
sbom:
stage: build
needs: [build_image]
image: deps.global.bsf.tools/docker/anchore/syft:latest
timeout: 10m
variables:
IMAGE_NAME: registry.global.bsf.tools/esv/bsf/bsf-integration/orchard/orchard-mvp:git.linux-amd64-$CI_COMMIT_SHA
script:
- echo "Generating SBOM for $IMAGE_NAME"
- syft $IMAGE_NAME -o spdx-json=sbom-spdx.json -o cyclonedx-json=sbom-cyclonedx.json
- echo "SBOM generation complete"
- echo "SPDX format:" && head -50 sbom-spdx.json
artifacts:
when: always
expire_in: 1 year
paths:
- sbom-spdx.json
- sbom-cyclonedx.json
# Run Python backend tests # Run Python backend tests
python_tests: python_tests:
stage: test stage: test

2
CHANGELOG.md
View File

@@ -7,7 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Added ### Added
- Added SBOM (Software Bill of Materials) generation in CI pipeline using Syft (SPDX and CycloneDX formats)
- Added GitLab CI pipeline for feature branch deployments to dev namespace (#51) - Added GitLab CI pipeline for feature branch deployments to dev namespace (#51)
- Added `deploy_feature` job with dynamic hostnames and unique release names (#51) - Added `deploy_feature` job with dynamic hostnames and unique release names (#51)
- Added `cleanup_feature` job with `on_stop` for automatic cleanup on merge (#51) - Added `cleanup_feature` job with `on_stop` for automatic cleanup on merge (#51)
@@ -32,6 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Fixed integration tests running when deploy fails (`when: on_success`) (#51) - Fixed integration tests running when deploy fails (`when: on_success`) (#51)
- Fixed static file serving for favicon and other files in frontend dist root - Fixed static file serving for favicon and other files in frontend dist root
- Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies) - Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies)
- Fixed dev environment memory requests to equal limits per cluster Kyverno policy
### Removed ### Removed
- Removed unused `store_streaming()` method from storage.py (#51) - Removed unused `store_streaming()` method from storage.py (#51)

3
helm/orchard/values-dev.yaml
View File

@@ -53,13 +53,14 @@ ingress:
- orchard-dev.common.global.bsf.tools # Overridden by CI - orchard-dev.common.global.bsf.tools # Overridden by CI
# Lighter resources for ephemeral environments # Lighter resources for ephemeral environments
# Note: memory requests must equal limits per cluster policy
resources: resources:
limits: limits:
cpu: 250m cpu: 250m
memory: 256Mi memory: 256Mi
requests: requests:
cpu: 100m cpu: 100m
memory: 128Mi memory: 256Mi
livenessProbe: livenessProbe:
httpGet: httpGet: