From b77ff1d1e1fbff5d8eaa2221be716b00398c1a24 Mon Sep 17 00:00:00 2001
From: gasaicrypto <139869741+gasaicrypto@users.noreply.github.com>
Date: Wed, 18 Dec 2024 01:24:56 +0300
Subject: [PATCH] Update Security Settings .codeflow.yml

Security options: Added the ability to lock branches (protected_branches). Option for mandatory static code analysis (CodeQL, SonarCloud). Build: Added the ability to cache builds to speed up CI/CD. Added build for multiple environments (staging and production). Operations: Added slack_alerts with more granular notification levels (errors and successes). Added pagerduty for critical notifications.
---
 .codeflow.yml | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/.codeflow.yml b/.codeflow.yml
index 24ae941379..3539baa82d 100644
--- a/.codeflow.yml
+++ b/.codeflow.yml
@@ -1,9 +1,11 @@
----
 secure:
- required_reviews: 1
+ required_reviews: 2
 requires_mfa: true
 requires_verified: true
- upstream_repository: base-org/web
+ protected_branches:
+ - main
+ - develop
+ static_code_analysis: true
 build:
 engines:
@@ -11,16 +13,23 @@ build:
 name: web
 path: ./apps/web/Dockerfile
 architecture: arm64
+ cache: true
 - BaldurECR:
 name: docs
 path: ./apps/base-docs/Dockerfile
 architecture: amd64
+ cache: true
 - BaldurECR:
 name: bridge
 path: ./apps/bridge/Dockerfile
 architecture: amd64
+ cache: true
 multi_arch: true
+ environments:
+ staging:
+ name: web-staging
+ path: ./apps/web/Dockerfile
+ architecture: amd64
+ production:
-operate:
- slack_channels:
- - '#base-codeflow-notifications'
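Review bot: The first hunk removes `upstream_repository: base-org/web` from the `secure:` stanza, and the commit message does not mention that removal; if the consuming tool uses that key to pin which repository the `requires_verified` check treats as the trusted upstream, dropping it silently weakens the configuration, so either keep the line or explain in the message why it is no longer needed. The new `protected_branches` and `static_code_analysis` keys only enforce anything if the tool's config schema recognizes them — an unknown key is usually ignored without error, which would leave branch protection and mandatory analysis unenforced while the file suggests otherwise; confirm both names against the schema, and if the tool accepts a list of analyzers, name the ones the message promises (CodeQL, SonarCloud) instead of a bare `true`. The same hunk also deletes the document-start marker at the top of the file; restoring `---` as the first line keeps yamllint's document-start check satisfied. The second hunk continues past the end of the visible patch, so its `environments:` block (the empty `production:` entry in particular) could not be reviewed here.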