-
Notifications
You must be signed in to change notification settings - Fork 22
170 lines (149 loc) · 5.33 KB
/
irs-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: IRS build
on:
workflow_dispatch: # Trigger manually
pull_request:
paths-ignore:
- '**/*.md'
- '**/*.txt'
- 'charts/**'
- '.config/**'
- 'docs/**'
- '!docs/src/api/**'
- 'local/**'
- 'CHANGELOG.md'
push:
branches:
- main
tags:
- '**'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: |
mvn clean verify --batch-mode
check_sonar_configured:
runs-on: ubuntu-latest
steps:
- name: check_sonar_configured
run: |
echo "Checking if sonar is configured: ${{ env.SONAR_CONFIGURED }}"
env:
SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}
outputs:
sonar_configured: ${{ env.SONAR_CONFIGURED }}
analyze_with_Sonar:
needs: [check_sonar_configured]
# No need to run if we cannot use the sonar token
if: >-
needs.check_sonar_configured.outputs.sonar_configured == 'true'
&& (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
&& github.actor != 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Analyze with Sonar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
mvn --batch-mode --update-snapshots verify \
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \
-Dcheckstyle.skip -Dpmd.skip=true
build_images:
env:
IMAGE_NAMESPACE: tractusx
IMAGE_NAME: irs-api
TARGET_PLATFORMS: "linux/amd64" # add 'linux/arm64' once the upgrade to JDK 21 is done
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.version.outputs.image_tag }}
steps:
- uses: actions/checkout@v4
# Needed to create multi-platform image
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# Needed to create multi-platform image
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# Create SemVer or ref tags dependent of trigger event
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
# Automatically prepare image tags; See action docs for more examples.
# semver patter will generate tags like these for example :1 :1.2 :1.2.3
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix=,format=long
type=semver,pattern={{version}}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
- name: DockerHub login
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
# Use existing DockerHub credentials present as secrets
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
# Needed to create multi-platform image
platforms: ${{ env.TARGET_PLATFORMS }}
# Build image for verification purposes on every trigger event. Only push if event is not a PR
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# https://github.com/peter-evans/dockerhub-description
- name: Update Docker Hub description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
readme-filepath: ./DOCKER_NOTICE.md
trigger-trivy-image-scan:
if: github.event_name != 'pull_request'
needs:
- build_images
uses: ./.github/workflows/trivy-docker-hub-scan.yml