refactor: remove unused ip tracking #2050

Workflow file for this run

.github/workflows/ci-pipeline.yml at d298bd7

	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	# Allow to run this workflow manually
	workflow_dispatch:

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}
	IMAGE_VERSION: ${{ github.sha }}

	jobs:
	code-quality:
	uses: ./.github/workflows/npm-checks.yml
	secrets:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	create-content-file:
	permissions:
	packages: read
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Parse Content to File
	uses: ./.github/actions/parse-content-to-file
	with:
	STRAPI_API: "${{ secrets.STRAPI_API }}"
	STRAPI_ACCESS_KEY: "${{ secrets.STRAPI_ACCESS_KEY }}"

	- name: Calculate file checksum
	id: checksum
	run: echo "content_checksum=$(md5sum content.json \| awk '{ print $1; }')" >> $GITHUB_OUTPUT

	- name: Upload Content File for further steps
	uses: actions/upload-artifact@v4
	with:
	name: content-file
	path: content.json
	outputs:
	content_checksum: ${{ steps.checksum.outputs.content_checksum }}

	build-image:
	needs: [create-content-file]
	runs-on: ubuntu-latest
	timeout-minutes: 15
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v4
	with:
	name: content-file
	- name: Build docker image
	run: \|
	docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }} . --build-arg COMMIT_SHA=${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }}
	docker save ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }} > container.tar
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
	with:
	image-ref: "${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }}"
	format: "sarif"
	output: "trivy-results.sarif"
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@81b419c908d540ec4c7da9bfb4b5d941fca8f624
	with:
	sarif_file: "trivy-results.sarif"
	- uses: actions/upload-artifact@v4
	with:
	name: docker-image
	path: container.tar
	outputs:
	content_checksum: ${{ needs.create-content-file.outputs.content_checksum }}

	verify-external-links:
	needs: [create-content-file]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Download Content File
	uses: actions/download-artifact@v4
	with:
	name: content-file
	- run: npm ci
	- run: npm run verifyWebsites
	- run: npm run verifyEmails

	verify-local-e2e:
	needs: [create-content-file]
	uses: ./.github/workflows/e2e-test.yml
	secrets:
	GERICHTSFINDER_ENCRYPTION_KEY: ${{ secrets.GERICHTSFINDER_ENCRYPTION_KEY }}

	push-image:
	needs: [verify-local-e2e, verify-external-links, code-quality, build-image]
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	timeout-minutes: 15
	permissions:
	security-events: write
	packages: write
	id-token: write
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: docker-image
	- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push image
	run: \|
	docker load < container.tar
	docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.build-image.outputs.content_checksum }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.build-image.outputs.content_checksum }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}-${{ needs.build-image.outputs.content_checksum }}
	docker push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	deploy-staging:
	needs: [create-content-file, push-image]
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	environment: staging
	steps:
	- name: Report Deployment
	uses: digitalservicebund/github-actions/track-deployment@34a48d29a9c4cc2fd6710b8eb37e13618a08fa88
	with:
	project: a2j-rechtsantragstelle
	environment: staging
	metrics_deployment_webhook_url: ${{ secrets.METRICS_DEPLOYMENT_WEBHOOK_URL }}
	metrics_webhook_token: ${{ secrets.METRICS_WEBHOOK_TOKEN }}

	- name: Deploy new staging image
	uses: digitalservicebund/github-actions/argocd-deploy@a223a68bc5982e5175beb73c708d99d8f9ba7858
	with:
	environment: staging
	version: ${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }}
	deploying_repo: a2j-rechtsantragstelle
	infra_repo: a2j-rechtsantragstelle-infra
	deploy_key: ${{ secrets.DEPLOY_KEY }}
	app: a2j-rast-staging
	argocd_pipeline_password: ${{ secrets.ARGOCD_PIPELINE_PASSWORD }}
	argocd_server: ${{ secrets.ARGOCD_SERVER }}
	argocd_sync_timeout: 300

	verify-staging-e2e:
	needs: [create-content-file, deploy-staging]
	uses: ./.github/workflows/e2e-test.yml
	secrets:
	BASE_URL: ${{ secrets.STAGING_BASIC_AUTH_TOKEN }}
	with:
	USE_EXISTING_SERVER: true

	deploy-preview:
	needs: [create-content-file, push-image, verify-staging-e2e]
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	environment: preview
	steps:
	- name: Report Deployment
	uses: digitalservicebund/github-actions/track-deployment@34a48d29a9c4cc2fd6710b8eb37e13618a08fa88
	with:
	project: a2j-rechtsantragstelle
	environment: preview
	metrics_deployment_webhook_url: ${{ secrets.METRICS_DEPLOYMENT_WEBHOOK_URL }}
	metrics_webhook_token: ${{ secrets.METRICS_WEBHOOK_TOKEN }}

	- name: Deploy new preview image
	uses: digitalservicebund/github-actions/argocd-deploy@a223a68bc5982e5175beb73c708d99d8f9ba7858
	with:
	environment: preview
	version: ${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }}
	deploying_repo: a2j-rechtsantragstelle
	infra_repo: a2j-rechtsantragstelle-infra
	deploy_key: ${{ secrets.DEPLOY_KEY }}
	app: a2j-rast-preview
	argocd_pipeline_password: ${{ secrets.ARGOCD_PIPELINE_PASSWORD }}
	argocd_server: ${{ secrets.ARGOCD_SERVER }}
	argocd_sync_timeout: 300

	test-preview-text:
	needs: [deploy-preview]
	permissions:
	packages: read
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run text test
	uses: ./.github/actions/preview-text-test

	deploy-production:
	needs: [create-content-file, push-image, verify-staging-e2e]
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	environment: production
	steps:
	- name: Report Deployment
	uses: digitalservicebund/github-actions/track-deployment@34a48d29a9c4cc2fd6710b8eb37e13618a08fa88
	with:
	project: a2j-rechtsantragstelle
	environment: production
	metrics_deployment_webhook_url: ${{ secrets.METRICS_DEPLOYMENT_WEBHOOK_URL }}
	metrics_webhook_token: ${{ secrets.METRICS_WEBHOOK_TOKEN }}

	- name: Deploy new production image
	uses: digitalservicebund/github-actions/argocd-deploy@a223a68bc5982e5175beb73c708d99d8f9ba7858
	with:
	environment: production
	version: ${{ env.IMAGE_VERSION }}-${{ needs.create-content-file.outputs.content_checksum }}
	deploying_repo: a2j-rechtsantragstelle
	infra_repo: a2j-rechtsantragstelle-infra
	deploy_key: ${{ secrets.DEPLOY_KEY }}
	app: a2j-rast-production
	argocd_pipeline_password: ${{ secrets.ARGOCD_PIPELINE_PASSWORD }}
	argocd_server: ${{ secrets.ARGOCD_SERVER }}
	argocd_sync_timeout: 300

	test-production-text:
	needs: [deploy-production]
	permissions:
	packages: read
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run text test
	uses: ./.github/actions/production-text-test

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: remove unused ip tracking #2050

Workflow file

refactor: remove unused ip tracking #2050

Jobs

Run details

Workflow file for this run