Nightly Manager #499
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Nightly Manager' | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: '0 20 * * *' | |
permissions: | |
contents: read | |
jobs: | |
master_basic_poc: | |
uses: imperva/dsfkit/.github/workflows/nightly_sonar_poc_basic_cli.yml@master | |
with: | |
branch: master | |
workspace: simple_cli_master_nightly | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
dev_basic_poc: | |
uses: imperva/dsfkit/.github/workflows/nightly_sonar_poc_basic_cli.yml@dev | |
with: | |
branch: dev | |
workspace: simple_cli_dev_nightly | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
master_single_account: | |
uses: imperva/dsfkit/.github/workflows/sonar_single_account_cli.yml@master | |
with: | |
branch: master | |
secrets: | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
dev_single_account: | |
uses: imperva/dsfkit/.github/workflows/sonar_single_account_cli.yml@dev | |
with: | |
branch: dev | |
secrets: | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
master_multi_account: | |
uses: imperva/dsfkit/.github/workflows/sonar_multi_account_cli.yml@master | |
with: | |
branch: master | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
# dev waits for master since they use the same constant resources - NAT, VPC, etc. | |
# In addition, dev can't run if master fails since master resources may still be up if the failure happened after | |
# apply, otherwise we could have added 'if: always()'. | |
dev_multi_account: | |
needs: master_multi_account | |
uses: imperva/dsfkit/.github/workflows/sonar_multi_account_cli.yml@dev | |
with: | |
branch: dev | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
master_dsf_single_account: | |
uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@master | |
with: | |
branch: master | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
dev_dsf_single_account: | |
uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@dev | |
with: | |
branch: dev | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | |
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | |
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
master_dsf_poc: | |
uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@master | |
with: | |
use_modules_from_terraform_registry: true | |
explicit_ref: master | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
dev_dsf_poc: | |
uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@dev | |
with: | |
use_modules_from_terraform_registry: false | |
explicit_ref: dev | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
master_dsf_poc_azure: | |
uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@master | |
with: | |
use_modules_from_terraform_registry: true | |
explicit_ref: master | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
dev_dsf_poc_azure: | |
uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@dev | |
with: | |
use_modules_from_terraform_registry: false | |
explicit_ref: dev | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
master_sonar_upgrade: | |
uses: imperva/dsfkit/.github/workflows/sonar_upgrade.yml@master | |
with: | |
use_modules_from_terraform_registry: true | |
explicit_ref: master | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} | |
dev_sonar_upgrade: | |
uses: imperva/dsfkit/.github/workflows/sonar_upgrade.yml@dev | |
with: | |
use_modules_from_terraform_registry: false | |
explicit_ref: dev | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }} |