Production deployment pipeline (e.g., security scanning of Docker image).

Question

Production deployment pipeline (e.g., security scanning of Docker image).

Opened this issue 2 years ago · 0 comments

The current CI pipeline (github actions + gcr) does not support container scanning and the images are not signed. Release notes should also be updated in GCR. This ticket is to upgrade the deployment pipeline to make it more secure and more suitable for production deployments.