Skip to content

feat(waf): adding a waf to Braze for security #102

feat(waf): adding a waf to Braze for security

feat(waf): adding a waf to Braze for security #102

Workflow file for this run

name: Image API
on:
pull_request:
paths:
- 'infrastructure/image-api/**'
- 'packages/**'
- 'servers/image-api/**'
- 'pnpm-lock.yaml'
- 'Dockerfile'
- '.github/actions/**'
- '.github/workflows/image-api.yml'
- '.github/workflows/reuse-*.yml'
push:
branches:
- main
- dev
paths:
- 'infrastructure/image-api/**'
- 'packages/**'
- 'servers/image-api/**'
- 'pnpm-lock.yaml'
- 'Dockerfile'
- '.github/actions/**'
- '.github/workflows/image-api.yml'
- '.github/workflows/reuse-*.yml'
jobs:
test-integrations:
if: github.event_name == 'pull_request'
uses: ./.github/workflows/reuse-test-integrations.yml
with:
scope: image-api
secrets: inherit
apollo:
uses: ./.github/workflows/reuse-apollo-federation.yml
with:
federated-graph-name: pocket-client-api
graph-name: image-api
schema-file-path: servers/image-api/schema.graphql
prod-graph-url: https://image-api.readitlater.com
dev-graph-url: https://image-api.getpocket.dev
secrets:
apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }}
apollo-admin:
uses: ./.github/workflows/reuse-apollo-federation.yml
with:
federated-graph-name: pocket-admin-api
graph-name: image-api
schema-file-path: servers/image-api/schema.graphql
prod-graph-url: https://image-api.readitlater.com
dev-graph-url: https://image-api.getpocket.dev
secrets:
apollo-key: ${{ secrets.APOLLO_ADMIN_API_KEY }}
infrastructure:
uses: ./.github/workflows/reuse-infrastructure.yml
with:
scope: image-api-cdk
stack-output-path: infrastructure/image-api/cdktf.out/stacks/image-api
secrets: inherit
api:
uses: ./.github/workflows/reuse-build-and-push-image.yml
needs: [infrastructure]
with:
scope: image-api
app-path: servers/image-api
app-port: 4867
sentry-project: image-api
docker-repo-name-pattern: imageapi-{0}-app
terraform-output: ${{needs.infrastructure.outputs.terraform-output}}
secrets: inherit
sentry:
if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
uses: ./.github/workflows/reuse-sentry-release.yml
needs: [api]
with:
sentry-project: image-api
sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
secrets: inherit