Git Repository
Several requirements must be met before merging into the main branch, since it always reflects the currently deployed production source code. The pull request will tell you whether merging is possible or whether there are any unmet requirements.
Important
When merging, always choose Squash and merge to squash all commits within the PR into one single commit!
For each development task, create a separate branch. Each logically completed individual task should be committed. A branch always corresponds to an issue and adheres to the following naming convention:
WWI21/<ISSUE_NO>-<DESCRIPTION>
WWI21/58-poc-setup

This section describes and explains all the required secrets stored in this repository.
They can be found in this repository under Settings > Secrets and variables.
Caution
Never publish or push credentials, secrets, or any sensitive information directly to your repository or any other public platform. Exposing sensitive information can lead to security vulnerabilities, unauthorized access, and potential data breaches. Always use secure methods to manage and store your credentials.
| Secret | Type | Description | Example Value |
|---|---|---|---|
| `GCP_WORKLOAD_IDENTITY_PROVIDER` | Action | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts (source). This required value can be retrieved by executing the `/scripts/github-actions-gcp.sh` script. | `projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
| `GCP_SERVICE_ACCOUNT` | Action | Email address or unique identifier of the Google Cloud service account for which to impersonate and generate credentials (source). `service-account` and `project-id` can be retrieved by executing the `/scripts/github-actions-gcp.sh` script. | `<service-account>@<project-id>.iam.gserviceaccount.com` |
| `DOCKER_HUB_USERNAME` | Action | Username of the corresponding Docker Hub account. Docker images will be published automatically to this container registry by the deployment pipeline. | `<username-as-a-simple-string>` |
| `DOCKER_HUB_ACCESSTOKEN` | Action | Access token (not password!) of the corresponding Docker Hub account. Docker images will be published automatically to this container registry by the deployment pipeline. | `<accesstoken-as-a-simple-string>` |
| `GCP_SERVICE_ACCOUNT_CERTIFICATE` | Action | Google Cloud Platform service account certificate JSON contents encoded as a base64 string. | `<json-as-base64>` |
Note
Use `echo $(<certificate-file.json) | base64` to encode the certificate file (here named `certificate-file.json`).
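
A malformed secret usually only surfaces as a failed deployment run, so the values can be checked locally against the shapes in the table above before they are stored. The following is an added example, not part of this repository: the function names, the regular expressions' character classes, and the `"type": "service_account"` check on the decoded JSON are assumptions, and the sample values are constructed.

```python
import base64
import json
import re

# Shapes follow the table's example values; the character classes are assumptions.
PROVIDER_RE = re.compile(
    r"projects/\d+/locations/global/workloadIdentityPools/[a-z0-9-]+/providers/[a-z0-9-]+")
ACCOUNT_RE = re.compile(r"[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com|\d+")

def check_certificate(value):
    """Return problems found in the base64-encoded service account JSON."""
    try:
        # validate=True rejects newlines; GNU base64 wraps output at 76 columns
        # unless run with -w 0, so a wrapped value is caught here.
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return ["not single-line base64"]
    try:
        doc = json.loads(raw)
    except ValueError:
        return ["decoded value is not JSON"]
    if not isinstance(doc, dict) or doc.get("type") != "service_account":
        return ['JSON lacks "type": "service_account"']
    return []

def check_secrets(secrets):
    """Map secret name to its problems; an empty dict means every check passed."""
    problems = {}
    for name in ("DOCKER_HUB_USERNAME", "DOCKER_HUB_ACCESSTOKEN"):
        value = secrets.get(name, "")
        if not value or value != value.strip():
            problems[name] = ["empty or has surrounding whitespace"]
    if not PROVIDER_RE.fullmatch(secrets.get("GCP_WORKLOAD_IDENTITY_PROVIDER", "")):
        problems["GCP_WORKLOAD_IDENTITY_PROVIDER"] = ["not a full provider identifier"]
    if not ACCOUNT_RE.fullmatch(secrets.get("GCP_SERVICE_ACCOUNT", "")):
        problems["GCP_SERVICE_ACCOUNT"] = ["not a service account email or numeric id"]
    cert = check_certificate(secrets.get("GCP_SERVICE_ACCOUNT_CERTIFICATE", ""))
    if cert:
        problems["GCP_SERVICE_ACCOUNT_CERTIFICATE"] = cert
    return problems

# Constructed sample values (not real credentials).
SAMPLE = {
    "GCP_WORKLOAD_IDENTITY_PROVIDER":
        "projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider",
    "GCP_SERVICE_ACCOUNT": "deployer@example-project.iam.gserviceaccount.com",
    "DOCKER_HUB_USERNAME": "example-user",
    "DOCKER_HUB_ACCESSTOKEN": "example-token",
    "GCP_SERVICE_ACCOUNT_CERTIFICATE":
        base64.b64encode(json.dumps({"type": "service_account"}).encode()).decode(),
}
```

Run it only on a trusted machine and pass the values in from memory or a password manager, so the check itself does not leave the secrets in shell history or on disk.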