From f058a306405e274722c8f1b8dd18a308e4db8169 Mon Sep 17 00:00:00 2001
From: red512 <59205478+red512@users.noreply.github.com>
Date: Wed, 26 Nov 2025 11:29:57 +0200
Subject: [PATCH 1/3] changing directories structure
---
 .github/workflows/cd.yaml | 2 +-
 argocd/app-vimex.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 2933e00..84c4049 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -140,7 +140,7 @@ jobs:
 git clone git@github.com:red512/vimex-gitops.git
 cd vimex-gitops
- VALUES_FILE="gitops/environments/$ENVIRONMENT/backend-helm-chart/values.yaml"
+ VALUES_FILE="gitops/backend-helm-chart/values.yaml"
 sed -i "s/tag: v[0-9]\+\.[0-9]\+\.[0-9]\+/tag: v$NEW_VERSION/" "$VALUES_FILE"
 sed -i "s/tag: manual-.*/tag: v$NEW_VERSION/" "$VALUES_FILE"
 sed -i "s/tag: v.*/tag: v$NEW_VERSION/" "$VALUES_FILE"
diff --git a/argocd/app-vimex.yaml b/argocd/app-vimex.yaml
index 8c5f928..ff75b93 100644
--- a/argocd/app-vimex.yaml
+++ b/argocd/app-vimex.yaml
@@ -11,7 +11,7 @@ spec:
 source:
 repoURL: https://github.com/red512/vimex-gitops
 targetRevision: HEAD
- path: gitops/environments/staging/apps
+ path: gitops/apps
 destination:
 server: https://kubernetes.default.svc
 syncPolicy:
From 1a7327baa5e02cad367619f794e28c194f731d3c Mon Sep 17 00:00:00 2001
From: red512 <59205478+red512@users.noreply.github.com>
Date: Thu, 27 Nov 2025 18:41:38 +0200
Subject: [PATCH 2/3] test ci
---
 be-flask/app.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/be-flask/app.py b/be-flask/app.py
index a5e93db..7421926 100644
--- a/be-flask/app.py
+++ b/be-flask/app.py
@@ -174,3 +174,4 @@ def get_status(task_id):
 if __name__ == '__main__':
 app.run()
+
From 080ecdc51ebd738f50eccfb1ac93058719e03926 Mon Sep 17 00:00:00 2001
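Review bot: The new `VALUES_FILE` in .github/workflows/cd.yaml no longer contains `$ENVIRONMENT`, so every run of this step rewrites the same `gitops/backend-helm-chart/values.yaml`; if the workflow still accepts more than one environment (not visible in this hunk), a deploy meant for one of them would retag all of them. The `sed -i` lines that follow also exit 0 when no `tag:` line matches, so a layout or format mismatch in the gitops repo after this restructure would produce a silent no-op rather than a failed job. A check after the substitutions, for example `grep -qF "tag: v$NEW_VERSION" "$VALUES_FILE" || exit 1`, would make that visible before anything is committed. The step begins and ends outside the hunk.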
From: red512 <59205478+red512@users.noreply.github.com>
Date: Fri, 28 Nov 2025 12:23:15 +0200
Subject: [PATCH 3/3] added checkov for terraform
---
 .github/workflows/ci.yaml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e99df11..f035c97 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -3,7 +3,7 @@ name: CI Pipeline
 on:
 pull_request:
 branches: ['main'] # Run on PRs to main
- paths: ['be-flask/**']
+ paths: ['be-flask/**', 'terraform/**']
 workflow_dispatch:
 jobs:
@@ -184,7 +184,21 @@ jobs:
 echo '```' >> $GITHUB_STEP_SUMMARY
 VULNS_FOUND=true
 fi
-
+
+ # Checkov
+ cd ..
+ echo "### 🔒 Checkov (Terraform) Results" >> $GITHUB_STEP_SUMMARY
+ pip install checkov
+ if checkov --framework terraform --directory terraform --quiet --compact; then
+ echo "✅ No security issues found" >> $GITHUB_STEP_SUMMARY
+ else
+ echo "⚠️ Security issues found in Terraform configuration" >> $GITHUB_STEP_SUMMARY
+ echo '```' >> $GITHUB_STEP_SUMMARY
+ checkov --framework terraform --directory terraform --compact >> $GITHUB_STEP_SUMMARY || true
+ echo '```' >> $GITHUB_STEP_SUMMARY
+ VULNS_FOUND=true
+ fi
+
 echo "has-vulnerabilities=$VULNS_FOUND" >> $GITHUB_OUTPUT
 notify:
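Review bot: `pip install checkov` in the new Checkov block of .github/workflows/ci.yaml installs whatever release and transitive dependencies the index serves at run time, so the scanner is an unpinned input to a security gate; pin it, e.g. `pip install "checkov==<PINNED_VERSION>"` (placeholder: use a release you have reviewed). The scan also runs twice, once with `--quiet` for the exit code and once more to fill the summary; redirecting the first run to a file (`... --quiet --compact > checkov.out 2>&1`) and using `cat checkov.out >> $GITHUB_STEP_SUMMARY` in the else branch would show exactly the results that set `VULNS_FOUND`. `cd ..` assumes the step is still one level below the checkout root at this point, which `--directory "$GITHUB_WORKSPACE/terraform"` would not depend on. The step starts and ends outside the hunk, so whether `has-vulnerabilities` actually blocks the pull request cannot be seen here.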