Merge pull request #453 from catenax-ng/feature/420-add-contractagree… #543

Workflow file for this run

.github/workflows/irs-build.yml at 2325052

	name: IRS build

	on:
	workflow_dispatch: # Trigger manually
	pull_request:
	paths-ignore:
	- '*/.md'
	- '*/.txt'
	- 'charts/**'
	- '.config/**'
	- 'docs/**'
	- 'local/**'
	- 'CHANGELOG.md'
	push:
	branches:
	- main
	tags:
	- '**'


	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache maven packages
	uses: actions/cache@v3
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Build with Maven
	run: \|
	mvn clean verify --batch-mode

	analyze_with_Sonar:
	# No need to run if we cannot use the sonar token
	if: >-
	(github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository) &&
	github.actor != 'dependabot[bot]'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache maven packages
	uses: actions/cache@v3
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Analyze with Sonar
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: \|
	mvn --batch-mode --update-snapshots verify \
	org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
	-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \
	-Dcheckstyle.skip -Dpmd.skip=true

	build_images:
	strategy:
	matrix:
	image:
	- irs-api
	runs-on: ubuntu-latest
	outputs:
	image-tag: ${{ steps.version.outputs.image_tag }}
	steps:
	- uses: actions/checkout@v4

	- name: Build image to make sure Dockerfile is valid
	run: \|
	# RUN --mount=type=cache is used in the IRS Dockerfile to cache directories for maven.
	# And the --mount option requires BuildKit.
	DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest .

	- name: Set image version
	id: version
	run: \|
	# Strip git ref prefix from version
	VERSION=$(echo "${{ github.ref }}" \| sed -e 's,./$.$,\1,')
	# Strip "v" prefix from tag name
	[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION \| sed -e 's/^v//')
	# Support PR ref versions
	[[ "${{ github.ref }}" == "refs/pull/"* ]] && VERSION=PR-$(echo "${{ github.ref }}" \| sed -e 's,./$.$/merge,\1,')
	# Use Docker `latest` tag convention
	[ "$VERSION" == "main" ] && VERSION=latest
	echo VERSION=$VERSION
	echo "::set-output name=image_tag::$VERSION"

	- name: Log in to registry
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: >-
	env.DOCKER_HUB_USER == '' &&
	(github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository) &&
	github.actor != 'dependabot[bot]'
	# This is where you will update the PAT to GITHUB_TOKEN
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Push image (GHCR)
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: >-
	env.DOCKER_HUB_USER == '' &&
	(github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository) &&
	github.actor != 'dependabot[bot]'
	run: \|
	IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
	# Change all uppercase to lowercase
	IMAGE_ID=$(echo $IMAGE_ID \| tr '[A-Z]' '[a-z]')
	echo IMAGE_ID=$IMAGE_ID

	docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }}
	docker push $IMAGE_ID:${{ steps.version.outputs.image_tag }}

	docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA
	docker push $IMAGE_ID:$GITHUB_SHA

	- name: Login to Docker Hub
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER != ''
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Push image (DockerHub)
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	IMAGE_NAMESPACE: tractusx
	IMAGE_NAME: irs-api
	if: env.DOCKER_HUB_USER != ''
	run: \|
	docker tag ${{ matrix.image }} ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }}
	docker push ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }}

	# https://github.com/peter-evans/dockerhub-description
	- name: Update Docker Hub description
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	IMAGE_NAMESPACE: tractusx
	IMAGE_NAME: irs-api
	if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request'
	uses: peter-evans/dockerhub-description@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}
	repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
	readme-filepath: ./DOCKER_NOTICE.md

	trigger-trivy-image-scan:
	if: >-
	github.event_name != 'pull_request'
	needs:
	- build_images
	uses: ./.github/workflows/trivy-docker-hub-scan.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #453 from catenax-ng/feature/420-add-contractagree… #543

Workflow file

Merge pull request #453 from catenax-ng/feature/420-add-contractagree… #543

Jobs

Run details

Workflow file for this run