Merge branch 'main' into standard-roles-revisited

Author: garloff

.github/scs-compliance-check/openstack/clouds.yaml

@@ -71,14 +71,45 @@ clouds:
     #region_name: "MUC"
     auth:
       auth_url: https://api.dc1.muc.cloud.cnds.io:5000/
-      application_credential_id: "f3102a98821641c19d8ea762dc64b0b0"
+      application_credential_id: "39a5bf194c6e4b0d8348d28e55136750"
       #project_id: 225a7363dab74b69aa1e3f744aced109
+  poc-kdo:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    auth:
+      auth_url: https://keystone.services.poc-kdo.fitko.sovereignit.cloud
+      application_credential_id: "248684b7a3da4dc786fbe65592f165be"
+    region_name: "RegionOne"
   poc-wgcloud:
     interface: public
     identity_api_verion: 3
     auth_type: "v3applicationcredential"
     #region_name: default
     auth:
-      auth_url: https://identity.l1.cloudandheat.com/v3
-      application_credential_id: "b4844a0fb23247149997bf0ff2c0b156"
-      #project_id: 9adb8fc81ba345178654cee5cb7f1464
+      auth_url: https://identity.l1a.cloudandheat.com/v3
+      application_credential_id: "7ab4e3339ea04255bc131868974cfe63"
+  scaleup-occ2:
+    auth_type: v3applicationcredential
+    auth:
+      auth_url: https://keystone.occ2.scaleup.cloud
+      application_credential_id: "5d2eea4e8bf8448092490b4190d4430a"
+    region_name: "RegionOne"
+    interface: "public"
+    identity_api_version: 3
+  syseleven-dus2:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    region_name: dus2
+    auth:
+      auth_url: https://keystone.cloud.syseleven.net:5000/v3
+      application_credential_id: s11auth
+  syseleven-ham1:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    region_name: ham1
+    auth:
+      auth_url: https://keystone.cloud.syseleven.net:5000/v3
+      application_credential_id: s11auth

.github/workflows/build-docker.yml

@@ -22,23 +22,23 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: "./Tests/"
           push: true

.github/workflows/check-gx-scs-v2.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v2 of pco-prod1"
+name: "Compliance IaaS v4 of pco-prod1"
 
 on:
   # Trigger compliance check every day at 4:30 UTC
@@ -16,7 +16,7 @@ jobs:
   check-pco-prod1:
     uses: ./.github/workflows/scs-compliance-check.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
       cloud: "pco-prod1"
       secret_name: "OS_PASSWORD_PCOPROD1"

.github/workflows/check-pco-prod1-v2.yml .github/workflows/check-pco-prod1-v4.yml.github/workflows/check-pco-prod1-v2.yml renamed to .github/workflows/check-pco-prod1-v4.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v2 of regio-a"
+name: "Compliance IaaS v4 of poc-kdo"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:22 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '22 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-regio-a:
+  check-poc-kdo:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "regio-a"
-      secret_name: "OS_PASSWORD_REGIO_A"
+      cloud: "poc-kdo"
+      secret_name: "OS_PASSWORD_POC_KDO"
     secrets: inherit

.github/workflows/check-regio-a-v2.yml .github/workflows/check-poc-kdo-v4.yml.github/workflows/check-regio-a-v2.yml renamed to .github/workflows/check-poc-kdo-v4.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v4 of poc-wgcloud.osba"
+name: "Compliance IaaS v3 of poc-wgcloud.osba"
 
 on:
   # Trigger compliance check every day at 4:12 UTC

.github/workflows/check-poc-wgcloud-v3.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v2 of pco-prod4"
+name: "Compliance IaaS v4 of scaleup-occ2"
 
 on:
   # Trigger compliance check every day at 4:30 UTC
@@ -11,13 +11,13 @@ on:
       - completed
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
-
+  
 jobs:
-  check-pco-prod4:
+  check-scaleup-occ2:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "pco-prod4"
-      secret_name: "OS_PASSWORD_PCOPROD4"
+      cloud: scaleup-occ2
+      secret_name: OS_PASSWORD_SCALEUP_OCC2
     secrets: inherit

.github/workflows/check-pco-prod4-v2.yml …thub/workflows/check-scaleup-occ2-v4.yml.github/workflows/check-pco-prod4-v2.yml renamed to .github/workflows/check-scaleup-occ2-v4.yml .github/workflows/check-pco-prod4-v2.yml renamed to .github/workflows/check-scaleup-occ2-v4.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v2 of pco-prod3"
+name: "Compliance IaaS v3 of syseleven dus2 region"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:08 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '08 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-pco-prod3:
+  check-syseleven-dus2:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v3
       layer: iaas
-      cloud: "pco-prod3"
-      secret_name: "OS_PASSWORD_PCOPROD3"
+      cloud: "syseleven-dus2"
+      secret_name: "OS_PASSWORD_SYSELEVEN_DUS2"
     secrets: inherit

.github/workflows/check-pco-prod3-v2.yml …ub/workflows/check-syseleven-dus2-v3.yml.github/workflows/check-pco-prod3-v2.yml renamed to .github/workflows/check-syseleven-dus2-v3.yml .github/workflows/check-pco-prod3-v2.yml renamed to .github/workflows/check-syseleven-dus2-v3.yml

@@ -1,23 +1,23 @@
-name: "Compliance IaaS v2 of pco-prod2"
+name: "Compliance IaaS v4 of syseleven dus2 region"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:10 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '10 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
     types:
       - completed
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
-  
+
 jobs:
-  check-pco-prod2:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-syseleven-dus2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "pco-prod2"
-      secret_name: "OS_PASSWORD_PCOPROD2"
+      cloud: "syseleven-dus2"
+      secret_name: "OS_PASSWORD_SYSELEVEN_DUS2"
     secrets: inherit

.github/workflows/check-pco-prod2-v2.yml …ub/workflows/check-syseleven-dus2-v4.yml.github/workflows/check-pco-prod2-v2.yml renamed to .github/workflows/check-syseleven-dus2-v4.yml .github/workflows/check-pco-prod2-v2.yml renamed to .github/workflows/check-syseleven-dus2-v4.yml

@@ -0,0 +1,23 @@
+name: "Compliance IaaS v3 of syseleven ham1 region"
+
+on:
+  # Trigger compliance check every day at 4:09 UTC
+  schedule:
+    - cron:  '09 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-syseleven-ham1:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v3
+      layer: iaas
+      cloud: "syseleven-ham1"
+      secret_name: "OS_PASSWORD_SYSELEVEN_HAM1"
+    secrets: inherit