This repository contains GitHub Actions workflows for building and deploying modules for the Deckhouse Kubernetes Platform.

| Workflow | Description |
|---|---|
| setup | Sets up the environment for building and deploying modules. This workflow must be run before any other workflows. |
| build | Builds the Deckhouse modules using the werf tool. |
| deploy | Deploys the Deckhouse modules to one of the selected release channels. |
| cve_scan | Trivy CVE scan of module images. Documentation can be found here |
| svace_analyze | Includes the svace analyze action to analyze and import builds made with the svace tool. |

All examples are located in the examples directory. They show how to use the workflows in different scenarios.

- `build.yaml`: can be run for each PR commit and when a new release is created. Builds the modules and pushes them to the container registry.
- `deploy.yaml`: can be run after releasing a new version of the modules. Deploys the modules to the selected release channel.
- `cve_scan.yaml`: can be run for each PR commit, manually, and on push to the main branch. Scans module images for CVEs and uploads reports to DefectDojo.
- `svace_analyze.yaml`: can be run after a successful build with the svace tool. Analyzes builds with the svace analyze tool and imports them into Svacer.

To use these GitHub Action workflows in your own repository:

- Copy the workflows (YAML files) from the `.examples` directory into your repository.
- Adjust the workflow files based on your specific requirements and configurations.
- Make sure to configure any necessary secrets or environment variables in your GitHub repository settings to enable secure deployment.
- Trigger the workflows manually or automatically on each push, pull request, or any other event as needed.