{{- define "template.workflow.security-pipeline.tasks" -}}
{{- /*
Top-level DAG tasks of the security pipeline:
clone -> scanners -> enforce-policy, plus the optional upload-storage and
upload-defectdojo tasks, which are rendered only when storage.enabled /
defectdojo.enabled is set in values.

The backtick-wrapped workflow.parameters references are emitted verbatim
(then quoted) so that the workflow engine, not Helm, resolves them at run time.

enforce-policy and both upload tasks depend on scanners only, not on each
other: uploads are not gated by the policy verdict, and the policy gate does
not wait for uploads to finish.

NOTE(review): with plain dependencies a task is normally scheduled only after
its dependencies succeed. If a scan template exits non-zero when it reports
findings, enforce-policy and the uploads would never run - confirm how the
scan templates signal findings.

NOTE(review): repo-url, git-revision and fail-on-cvss are workflow parameters,
so whoever may submit the workflow controls them. clone-repo and
enforce-policy are not defined in this file; verify they treat these values as
untrusted input, and that letting the submitter choose the CVSS threshold for
the gate is intended.
*/ -}}
- name: clone
  template: clone-repo
  arguments:
    parameters:
      - name: repo-url
        value: {{ `{{workflow.parameters.repo-url}}` | quote }}
      - name: git-revision
        value: {{ `{{workflow.parameters.git-revision}}` | quote }}
- name: scanners
  dependencies:
    - clone
  template: parallel-scanners
  arguments:
    parameters:
      - name: working-dir
        value: {{ `{{workflow.parameters.working-dir}}` | quote }}
- name: enforce-policy
  dependencies:
    - scanners
  template: enforce-policy
  arguments:
    parameters:
      - name: fail-on-cvss
        value: {{ `{{workflow.parameters.fail-on-cvss}}` | quote }}
{{- if .Values.storage.enabled }}
- name: upload-storage
  dependencies:
    - scanners
  template: upload-storage
{{- end }}
{{- if .Values.defectdojo.enabled }}
- name: upload-defectdojo
  dependencies:
    - scanners
  template: upload-defectdojo
{{- end }}
{{- end }}
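{{- define "template.workflow.parallel-scanners.tasks" -}}
{{- /*
Scanner fan-out is data-driven from pipeline.scanners in values.yaml: one task
is rendered per entry, named after the entry and bound to the template
scan-<entry>. The tasks declare no dependencies on each other.

The scanner name is quoted on output, like every other templated value in this
file, so that an entry that looks like a boolean or a number, or that contains
YAML syntax, stays a plain string and cannot alter the shape of the rendered
task list.

NOTE(review): an empty pipeline.scanners renders no tasks at all. Confirm the
including workflow rejects that case, so that the policy gate cannot pass with
nothing scanned.
*/ -}}
{{- range $scanner := .Values.pipeline.scanners }}
- name: {{ $scanner | quote }}
  template: {{ printf "scan-%s" $scanner | quote }}
  arguments:
    parameters:
      - name: working-dir
        value: {{ `{{inputs.parameters.working-dir}}` | quote }}
{{- end }}
{{- end }}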
{{- define "template.workflow.named-templates" -}}
{{- /*
Keep the main workflow file focused on orchestration; implementations are
included here.

Renders, in order: one template.scan-<name> include per entry in
pipeline.scanners, then template.upload-storage and template.upload-defectdojo
when their enabled flag is set, and always template.enforce-policy.

Inside the range the root context ($) is passed to each include, because the
dot is rebound to the loop item there.

A scanner name with no matching template.scan-<name> definition makes the
include fail at render time, so a typo in pipeline.scanners aborts rendering
instead of silently dropping a scanner.

The storage.enabled and defectdojo.enabled conditions match the ones guarding
the upload tasks in template.workflow.security-pipeline.tasks; keep the two in
step so a task never references a template that was not rendered.
*/ -}}
{{- range $scanner := .Values.pipeline.scanners }}
{{ include (printf "template.scan-%s" $scanner) $ }}
{{- end }}
{{- if .Values.storage.enabled }}
{{ include "template.upload-storage" . }}
{{- end }}
{{- if .Values.defectdojo.enabled }}
{{ include "template.upload-defectdojo" . }}
{{- end }}
{{ include "template.enforce-policy" . }}
{{- end }}