From c4cfd86fc65e0eafe54a2564337f72fdb2784c91 Mon Sep 17 00:00:00 2001
From: Boris Lavrishchev
Date: Wed, 29 Apr 2026 14:27:20 +0300
Subject: [PATCH 1/2] feat: added workflow for hardening check https://github.com/Netcracker/qubership-workflow-hub/issues/684
---
 .github/workflows/run_hardening_tests.yaml | 52 ++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/run_hardening_tests.yaml
diff --git a/.github/workflows/run_hardening_tests.yaml b/.github/workflows/run_hardening_tests.yaml
new file mode 100644
index 0000000..ee79cf4
--- /dev/null
+++ b/.github/workflows/run_hardening_tests.yaml
@@ -0,0 +1,52 @@
+name: Run Hardening Tests
+
+permissions:
+ contents: read
+ packages: read
+
+on:
+ push:
+ branches:
+ - "**"
+ paths-ignore:
+ - "docs/**"
+ - "CODE-OF-CONDUCT.md"
+ - "CONTRIBUTING.md"
+ - "LICENSE"
+ - "README.md"
+ - "SECURITY.md"
+ pull_request:
+ branches:
+ - "**"
+ paths-ignore:
+ - "docs/**"
+ - "CODE-OF-CONDUCT.md"
+ - "CONTRIBUTING.md"
+ - "LICENSE"
+ - "README.md"
+ - "SECURITY.md"
+
+jobs:
+ Wait-for-images:
+ runs-on: ubuntu-latest
+ outputs:
+ conclusion: ${{ steps.wait.outputs.conclusion }}
+ steps:
+ - name: Wait for dev_build.yml to complete
+ uses: netcracker/qubership-workflow-hub/actions/wait-for-workflow@e64a1ee2fc2f68ab44a4ef416c27d83ce36ba8e1 #v2.2.1
+ id: wait
+ with:
+ workflow: dev_build.yml
+ token: ${{ secrets.GITHUB_TOKEN }}
+ poll-interval: 20
+ Consul-Pipeline:
+ needs: Wait-for-images
+ uses: Netcracker/qubership-test-pipelines/.github/workflows/consul.yaml@feature/apps-hardening-scan
+ with:
+ service_branch: '${{ github.head_ref || github.ref_name }}'
+ pipeline_branch: 'feature/apps-hardening-scan'
+ scope: hardening
+ secrets:
+ AWS_S3_ACCESS_KEY_ID: ${{secrets.AWS_S3_ACCESS_KEY_ID}}
+ AWS_S3_ACCESS_KEY_SECRET: ${{secrets.AWS_S3_ACCESS_KEY_SECRET}}
+
From d8441a2f292cab37e9d154f5f82d5c116b6a5157 Mon Sep 17 00:00:00 2001
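Review bot: In the first patch, the `Consul-Pipeline` job calls the reusable workflow at the mutable branch ref `@feature/apps-hardening-scan` and hands it `AWS_S3_ACCESS_KEY_ID` and `AWS_S3_ACCESS_KEY_SECRET`, so whatever that branch holds at run time executes with those secrets, while the `wait-for-workflow` step in the same file is already pinned to a full commit SHA. Pin the call the same way, `uses: Netcracker/qubership-test-pipelines/.github/workflows/consul.yaml@<full-commit-sha> # feature/apps-hardening-scan`, and keep `pipeline_branch` in step with that commit. `service_branch` is built from `github.head_ref`, which the pull-request author controls; the called workflow is not visible here, so confirm it reads that input through an environment variable rather than interpolating it into a `run:` script. Both `push` and `pull_request` match `"**"`, so a same-repository PR branch presumably runs the pipeline twice per commit.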
From: Boris Lavrishchev
Date: Mon, 18 May 2026 13:13:17 +0300
Subject: [PATCH 2/2] chore: add workflow_dispatch trigger to hardening tests
---
 .github/workflows/run_hardening_tests.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/run_hardening_tests.yaml b/.github/workflows/run_hardening_tests.yaml
index ee79cf4..9fcbfd8 100644
--- a/.github/workflows/run_hardening_tests.yaml
+++ b/.github/workflows/run_hardening_tests.yaml
@@ -5,6 +5,7 @@ permissions:
 packages: read
 
 on:
+ workflow_dispatch: {}
 push:
 branches:
 - "**"