取り込み

.github/workflows/docker-publish-api.yml

@@ -221,72 +221,72 @@ jobs:
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
 
-  deploy:
-    permissions:
-      id-token: write
-    needs: test-api
-    name: Deploy to ECR
-    runs-on: ubuntu-latest
-    environment: production
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    # Set up BuildKit Docker container builder to be able to build
-    # multi-platform images and export cache
-    # https://github.com/docker/setup-buildx-action
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3 # v3.1.0
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ secrets.ASSUME_ROLE }}
-        aws-region: ${{ env.AWS_REGION }}
-
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
-      with:
-        mask-password: 'true'
-        registry-type: public
-
-    # Extract metadata (tags, labels) for Docker
-    # https://github.com/docker/metadata-action
-    - name: Extract Docker metadata
-      id: meta
-      uses: docker/metadata-action@v5 # v5.0.0
-      with:
-        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-api
-
-    # Build and push Docker image with Buildx (don't push on PR)
-    # https://github.com/docker/build-push-action
-    - name: Build and push Docker image
-      id: build-and-push
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        file: ${{ env.DOCKER_FILEPATH }}
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        platforms: ${{ env.PLATFORM }}
-
-    # - name: Fill in the new image ID in the Amazon ECS task definition
-    #   id: task-def
-    #   uses: aws-actions/amazon-ecs-render-task-definition@v1
-    #   with:
-    #     task-definition: ${{ env.ECS_TASK_DEFINITION }}
-    #     container-name: ${{ env.CONTAINER_NAME }}
-    #     image: ${{ steps.build-and-push.outputs.image }}
-
-    # - name: Deploy Amazon ECS task definition
-    #   uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-    #   with:
-    #     task-definition: ${{ steps.task-def.outputs.task-definition }}
-    #     service: ${{ env.ECS_SERVICE }}
-    #     cluster: ${{ env.ECS_CLUSTER }}
-    #     wait-for-service-stability: true
+#  deploy:
+#    permissions:
+#      id-token: write
+#    needs: test-api
+#    name: Deploy to ECR
+#    runs-on: ubuntu-latest
+#    environment: production
+#
+#    steps:
+#    - name: Checkout
+#      uses: actions/checkout@v4
+#
+#    # Set up BuildKit Docker container builder to be able to build
+#    # multi-platform images and export cache
+#    # https://github.com/docker/setup-buildx-action
+#    - name: Set up Docker Buildx
+#      uses: docker/setup-buildx-action@v3 # v3.1.0
+#
+#    - name: Configure AWS credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        role-to-assume: ${{ secrets.ASSUME_ROLE }}
+#        aws-region: ${{ env.AWS_REGION }}
+#
+#    - name: Login to Amazon ECR
+#      id: login-ecr
+#      uses: aws-actions/amazon-ecr-login@v1
+#      with:
+#        mask-password: 'true'
+#        registry-type: public
+#
+#    # Extract metadata (tags, labels) for Docker
+#    # https://github.com/docker/metadata-action
+#    - name: Extract Docker metadata
+#      id: meta
+#      uses: docker/metadata-action@v5 # v5.0.0
+#      with:
+#        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-api
+#
+#    # Build and push Docker image with Buildx (don't push on PR)
+#    # https://github.com/docker/build-push-action
+#    - name: Build and push Docker image
+#      id: build-and-push
+#      uses: docker/build-push-action@v5
+#      with:
+#        context: .
+#        file: ${{ env.DOCKER_FILEPATH }}
+#        push: ${{ github.event_name != 'pull_request' }}
+#        tags: ${{ steps.meta.outputs.tags }}
+#        labels: ${{ steps.meta.outputs.labels }}
+#        cache-from: type=gha
+#        cache-to: type=gha,mode=max
+#        platforms: ${{ env.PLATFORM }}
+#
+#    # - name: Fill in the new image ID in the Amazon ECS task definition
+#    #   id: task-def
+#    #   uses: aws-actions/amazon-ecs-render-task-definition@v1
+#    #   with:
+#    #     task-definition: ${{ env.ECS_TASK_DEFINITION }}
+#    #     container-name: ${{ env.CONTAINER_NAME }}
+#    #     image: ${{ steps.build-and-push.outputs.image }}
+#
+#    # - name: Deploy Amazon ECS task definition
+#    #   uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+#    #   with:
+#    #     task-definition: ${{ steps.task-def.outputs.task-definition }}
+#    #     service: ${{ env.ECS_SERVICE }}
+#    #     cluster: ${{ env.ECS_CLUSTER }}
+#    #     wait-for-service-stability: true

.github/workflows/docker-publish-key-manager.yml

@@ -221,59 +221,59 @@ jobs:
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
 
-  deploy:
-    permissions:
-      id-token: write
-    needs: test-key-manager
-    name: Deploy to ECR
-    runs-on: ubuntu-latest
-    environment: production
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    # Set up BuildKit Docker container builder to be able to build
-    # multi-platform images and export cache
-    # https://github.com/docker/setup-buildx-action
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3 # v3.1.0
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ secrets.ASSUME_ROLE }}
-        aws-region: ${{ env.AWS_REGION }}
-
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
-      with:
-        mask-password: 'true'
-        registry-type: public
-
-    # Extract metadata (tags, labels) for Docker
-    # https://github.com/docker/metadata-action
-    - name: Extract Docker metadata
-      id: meta
-      uses: docker/metadata-action@v5 # v5.0.0
-      with:
-        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-key-manager
-
-    # Build and push Docker image with Buildx (don't push on PR)
-    # https://github.com/docker/build-push-action
-    - name: Build and push Docker image
-      id: build-and-push
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        file: ${{ env.DOCKER_FILEPATH }}
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        platforms: ${{ env.PLATFORM }}
+#  deploy:
+#    permissions:
+#      id-token: write
+#    needs: test-key-manager
+#    name: Deploy to ECR
+#    runs-on: ubuntu-latest
+#    environment: production
+#
+#    steps:
+#    - name: Checkout
+#      uses: actions/checkout@v4
+#
+#    # Set up BuildKit Docker container builder to be able to build
+#    # multi-platform images and export cache
+#    # https://github.com/docker/setup-buildx-action
+#    - name: Set up Docker Buildx
+#      uses: docker/setup-buildx-action@v3 # v3.1.0
+#
+#    - name: Configure AWS credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        role-to-assume: ${{ secrets.ASSUME_ROLE }}
+#        aws-region: ${{ env.AWS_REGION }}
+#
+#    - name: Login to Amazon ECR
+#      id: login-ecr
+#      uses: aws-actions/amazon-ecr-login@v1
+#      with:
+#        mask-password: 'true'
+#        registry-type: public
+#
+#    # Extract metadata (tags, labels) for Docker
+#    # https://github.com/docker/metadata-action
+#    - name: Extract Docker metadata
+#      id: meta
+#      uses: docker/metadata-action@v5 # v5.0.0
+#      with:
+#        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-key-manager
+#
+#    # Build and push Docker image with Buildx (don't push on PR)
+#    # https://github.com/docker/build-push-action
+#    - name: Build and push Docker image
+#      id: build-and-push
+#      uses: docker/build-push-action@v5
+#      with:
+#        context: .
+#        file: ${{ env.DOCKER_FILEPATH }}
+#        push: ${{ github.event_name != 'pull_request' }}
+#        tags: ${{ steps.meta.outputs.tags }}
+#        labels: ${{ steps.meta.outputs.labels }}
+#        cache-from: type=gha
+#        cache-to: type=gha,mode=max
+#        platforms: ${{ env.PLATFORM }}
 
     # - name: Fill in the new image ID in the Amazon ECS task definition
     #   id: task-def

.github/workflows/docker-publish-updater.yml

@@ -216,59 +216,59 @@ jobs:
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
 
-  deploy:
-    permissions:
-      id-token: write
-    needs: test-updater
-    name: Deploy to ECR
-    runs-on: ubuntu-latest
-    environment: production
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    
-    # Set up BuildKit Docker container builder to be able to build
-    # multi-platform images and export cache
-    # https://github.com/docker/setup-buildx-action
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3 # v3.1.0
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ secrets.ASSUME_ROLE }}
-        aws-region: ${{ env.AWS_REGION }}
-
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v2
-      with:
-        mask-password: 'true'
-        registry-type: public
-
-    # Extract metadata (tags, labels) for Docker
-    # https://github.com/docker/metadata-action
-    - name: Extract Docker metadata
-      id: meta
-      uses: docker/metadata-action@v5 # v5.0.0
-      with:
-        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-updater
-
-    # Build and push Docker image with Buildx (don't push on PR)
-    # https://github.com/docker/build-push-action
-    - name: Build and push Docker image
-      id: build-and-push
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        file: ${{ env.DOCKER_FILEPATH }}
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        platforms: ${{ env.PLATFORM }}
+#  deploy:
+#    permissions:
+#      id-token: write
+#    needs: test-updater
+#    name: Deploy to ECR
+#    runs-on: ubuntu-latest
+#    environment: production
+#
+#    steps:
+#    - name: Checkout
+#      uses: actions/checkout@v4
+#
+#    # Set up BuildKit Docker container builder to be able to build
+#    # multi-platform images and export cache
+#    # https://github.com/docker/setup-buildx-action
+#    - name: Set up Docker Buildx
+#      uses: docker/setup-buildx-action@v3 # v3.1.0
+#
+#    - name: Configure AWS credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        role-to-assume: ${{ secrets.ASSUME_ROLE }}
+#        aws-region: ${{ env.AWS_REGION }}
+#
+#    - name: Login to Amazon ECR
+#      id: login-ecr
+#      uses: aws-actions/amazon-ecr-login@v2
+#      with:
+#        mask-password: 'true'
+#        registry-type: public
+#
+#    # Extract metadata (tags, labels) for Docker
+#    # https://github.com/docker/metadata-action
+#    - name: Extract Docker metadata
+#      id: meta
+#      uses: docker/metadata-action@v5 # v5.0.0
+#      with:
+#        images: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }}-updater
+#
+#    # Build and push Docker image with Buildx (don't push on PR)
+#    # https://github.com/docker/build-push-action
+#    - name: Build and push Docker image
+#      id: build-and-push
+#      uses: docker/build-push-action@v5
+#      with:
+#        context: .
+#        file: ${{ env.DOCKER_FILEPATH }}
+#        push: ${{ github.event_name != 'pull_request' }}
+#        tags: ${{ steps.meta.outputs.tags }}
+#        labels: ${{ steps.meta.outputs.labels }}
+#        cache-from: type=gha
+#        cache-to: type=gha,mode=max
+#        platforms: ${{ env.PLATFORM }}
 
     # - name: Fill in the new image ID in the Amazon ECS task definition
     #   id: task-def

.github/workflows/qodana_code_quality.yml

@@ -0,0 +1,28 @@
+name: Qodana
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches: # Specify your branches here
+      - main # The 'main' branch
+      - 'releases/*' # The release branches
+
+jobs:
+  qodana:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}  # to check out the actual pull request commit, not the merge commit
+          fetch-depth: 0  # a full history is required for pull request analysis
+      - name: 'Qodana Scan'
+        uses: JetBrains/[email protected]
+        with:
+          pr-mode: false
+        env:
+          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN_1465353938 }}
+          QODANA_ENDPOINT: 'https://qodana.cloud'