Update ci.yml #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: | |
- '**' | |
tags: | |
- v[0-9]+.[0-9]+.[0-9]+** | |
pull_request: | |
branches: | |
- master | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: tests-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/maven-settings-action@v3.0.0 | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: java | |
queries: security-and-quality | |
- name: Run Tests | |
run: mvn -Pdownload-ontology -B verify | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
- name: Upload Feasibility Backend Jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-jar | |
path: target/feasibilityBackend.jar | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and Export to Docker | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
tags: backend:latest | |
outputs: type=docker,dest=/tmp/feasibilityBackend.tar | |
- name: Upload Feasibility Backend Image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-image | |
path: /tmp/feasibilityBackend.tar | |
security-scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: security-scan-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/maven-settings-action@v3.0.0 | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Maven Package | |
run: mvn -Pdownload-ontology -B -DskipTests package | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
tags: security-scan-build:latest | |
push: false | |
- name: Run Trivy Vulnerability Scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: security-scan-build:latest | |
format: sarif | |
output: trivy-results.sarif | |
severity: 'CRITICAL,HIGH' | |
timeout: '15m0s' | |
- name: Upload Trivy Scan Results to GitHub Security Tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: trivy-results.sarif | |
integration-test: | |
needs: tests | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Download Feasibility Backend Image | |
uses: actions/download-artifact@v4 | |
with: | |
name: backend-image | |
path: /tmp | |
- name: Install jq | |
uses: dcarbone/install-jq-action@v1.0.1 | |
- name: Load Feasibility Backend Image | |
run: docker load --input /tmp/feasibilityBackend.tar | |
- name: Download ontology files from github | |
run: .github/scripts/download-and-unpack-ontology.sh | |
- name: Run Feasibility Backend with Database, Keycloak and Blaze | |
run: docker-compose -f .github/integration-test/docker-compose.yml up -d | |
- name: Wait for Feasibility Backend | |
run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health | |
- name: Check if Feasibility Backend is correctly running with the feasibility user | |
run: .github/scripts/check-if-running-as-feasibility-user.sh | |
- name: Wait for Blaze | |
run: .github/scripts/wait-for-url.sh http://localhost:8082/health | |
- name: Load Data | |
run: .github/scripts/load-test-data.sh | |
- name: Wait for Keycloak | |
run: .github/scripts/wait-for-url.sh http://localhost:8083/auth/ | |
- name: Create Test User in Keycloak | |
run: .github/scripts/create-keycloak-user.sh | |
- name: Wait for Flare | |
run: .github/scripts/wait-for-url.sh http://localhost:8092/cache/stats | |
- name: Post Test Query | |
run: .github/scripts/post-test-query.sh | |
- name: Dump docker logs on failure | |
if: failure() | |
uses: jwalton/gh-docker-logs@v2 | |
release: | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: release-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/maven-settings-action@v3.0.0 | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Prepare Version | |
id: prep | |
run: | | |
echo ::set-output name=repository::$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]') | |
echo ::set-output name=version::${GITHUB_REF#refs/tags/v} | |
- name: Maven Package | |
run: mvn -Pdownload-ontology -B -DskipTests package | |
- name: Login to GitHub Docker Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
ghcr.io/${{ steps.prep.outputs.repository }}:latest | |
ghcr.io/${{ steps.prep.outputs.repository }}:${{ steps.prep.outputs.version }} | |
push: true |