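# Release-hardening pipeline: run a security scan, branch on the reported
# risk level, then hold for human approval.
# NOTE(review): nesting was reconstructed from a flattened listing in which
# every key sat at column 0 (which would make `description`, `input` and
# `type` duplicate keys) - confirm against the original file.
kind: WavePipeline
metadata:
  name: ops-release-harden
  # NOTE(review): the description mentions changelog generation, but no step
  # in this listing produces one - confirm whether a step is missing or the
  # text is stale.
  description: "Security scan, branch on severity, apply hotfixes, generate changelog"
  category: composition
  release: true

input:
  source: cli
  example: "v1.0.0"
  schema:
    # The schema constrains only the type: any string supplied on the CLI is
    # accepted and forwarded to the scan step.
    # NOTE(review): if a downstream pipeline uses this value as a git ref or
    # inside a command line, validate its format there - confirm how
    # audit-security consumes it.
    type: string
    description: "Release version or branch to harden"

steps:
  # Step 1: hand the CLI input unchanged to the audit-security pipeline.
  - id: scan
    pipeline: audit-security
    input: "{{input}}"

  # Step 2: choose a follow-up pipeline from the scan's reported risk level.
  - id: triage
    dependencies: [scan]
    branch:
      # `on` is read as boolean true by YAML 1.1 loaders when used as a plain
      # key; this is only safe if the pipeline loader treats it as a string.
      on: "{{scan.output.risk_level}}"
      # Only these four values are mapped, and no fallback case is listed.
      # NOTE(review): confirm what the engine does when risk_level is empty
      # or holds any other value (for example after a failed or partial
      # scan); a release-hardening flow should stop in that case rather than
      # proceed to the gate with no fix applied.
      cases:
        critical: impl-hotfix
        high: impl-hotfix
        medium: impl-improve
        low: skip

  # Step 3: manual approval after triage.
  - id: gate
    dependencies: [triage]
    gate:
      type: approval
      message: "Review security fixes before release"
      # NOTE(review): nothing here states what happens when the 4h window
      # expires - confirm that an unanswered approval fails the run instead
      # of being treated as approved.
      timeout: "4h"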