generated from GenomicDataInfrastructure/oss-project-template
-
Notifications
You must be signed in to change notification settings - Fork 1
132 lines (117 loc) · 4.06 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# SPDX-FileCopyrightText: 2024 PNED G.I.E.
#
# SPDX-License-Identifier: Apache-2.0
name: Publish main
on:
workflow_run:
workflows: ["Run Tests"]
branches: [main]
types:
- completed
env:
REGISTRY: ghcr.io
IMAGE_NAME: ghcr.io/genomicdatainfrastructure/gdi-userportal-dataset-discovery-service
AZURE_WEBAPP_NAME: dataset-discovery-service-test
REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }}
BUILD_DATE: ""
jobs:
ort:
strategy:
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: oss-review-toolkit/ort-ci-github-action@v1
with:
allow-dynamic-versions: "true"
fail-on: "issues"
run: "cache-dependencies,cache-scan-results,labels,analyzer,evaluator,advisor,reporter,upload-results"
publish-docker-image:
runs-on: ubuntu-latest
needs: ort
permissions:
contents: read
packages: write
steps:
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up GraalVM JDK 21
uses: graalvm/setup-graalvm@v1
with:
java-version: "21"
- name: Checkout repository
uses: actions/checkout@v4
- name: Set BUILD_DATE
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
- name: Build project
run: mvn package -Dnative
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_NAME }}
tags: |
type=schedule,priority=400
type=ref,event=branch,priority=600
type=ref,event=pr,priority=500
type=semver,pattern={{version}},priority=700
type=semver,pattern={{major}}.{{minor}},priority=900
type=semver,pattern={{major}},priority=800
type=sha,priority=1000
labels: |
vcs-ref=${{env.GITHUB_SHA}}
build-date=${{env.BUILD_DATE}}
org.opencontainers.image.created=${{env.BUILD_DATE}}
release=${{env.BUILD_DATE}}
version=${{env.GITHUB_REF_NAME}}
org.opencontainers.image.version=${{env.GITHUB_REF_NAME}}
org.opencontainers.image.url=${{env.REPOSITORY_URL}}
org.opencontainers.image.source=${{env.REPOSITORY_URL}}
org.opencontainers.image.documentation=${{env.REPOSITORY_URL}}
help=${{env.REPOSITORY_URL}}
url=${{env.REPOSITORY_URL}}
name=${{env.IMAGE_NAME}}
- name: Extract last tag
id: tag
run: |
IFS=',' read -ra TAGS <<< "${{ steps.meta.outputs.tags }}"
LAST_INDEX=$((${#TAGS[@]} - 1))
echo "last_tag=${TAGS[LAST_INDEX]}" >> $GITHUB_OUTPUT
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: ${{ steps.tag.outputs.last_tag }}
labels: ${{ steps.meta.outputs.labels }}
load: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: "${{ steps.tag.outputs.last_tag }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
images: "${{ steps.tag.outputs.last_tag }}"