Skip to content

Schedule daily Trivy vulnerability scanning #719

Schedule daily Trivy vulnerability scanning

Schedule daily Trivy vulnerability scanning #719

Workflow file for this run

name: YKI
on:
workflow_dispatch:
push:
paths:
- "**"
- "!**/*.md"
# Setting 'branches' has the side effect that just pushing tags does not start workflows.
branches:
- '**'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Prepare Clojure env
uses: ./.github/actions/prepare-clojure-env
- name: Lint src/
run: clj-kondo --fail-level error --lint src/
- name: Lint test/
run: clj-kondo --fail-level error --lint test/
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Prepare Clojure env
uses: ./.github/actions/prepare-clojure-env
- name: Install wkhtmltopdf
run: |
echo 'Updating apt-get package information'
sudo apt-get update
echo 'Installing wkhtmltopdf'
sudo apt-get install wkhtmltopdf
echo 'Installed wkhtmltopdf, check that it works'
wkhtmltopdf --version
echo 'Installation of wkhtmltopdf completed'
shell: bash
- name: Run tests
run: lein test
build:
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Prepare Clojure env
uses: ./.github/actions/prepare-clojure-env
- name: Build uberjar
run: lein uberjar
- uses: actions/cache@v4
id: restore-build
with:
path: target
key: ${{ github.sha }}
deploy:
runs-on: ubuntu-latest
needs: [test, build]
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
id: restore-build
with:
path: target
key: ${{ github.sha }}
- name: Build and deploy Docker image
shell: bash
run: |
git clone -b wkhtmltopdfDockerfile https://github.com/Opetushallitus/ci-tools.git
cat ./ci-tools/build/Dockerfile_wkhtmltopdf_template > ./ci-tools/build/Dockerfile
source ci-tools/common/setup-tools.sh
mv target/yki-*-standalone.jar $DOCKER_BUILD_DIR/artifact/yki.jar
cp -vr oph-configuration $DOCKER_BUILD_DIR/config/
export BASE_IMAGE="baseimage-fatjar-openjdk21:master"
./ci-tools/common/pull-image.sh
./ci-tools/github-build/build-fatjar.sh yki
./ci-tools/github-build/upload-image.sh yki
./ci-tools/common/clean-docker-build-dir.sh