Skip to content

chore: [SRTP-114] create pipeline ci #4

chore: [SRTP-114] create pipeline ci

chore: [SRTP-114] create pipeline ci #4

Workflow file for this run

name: Continuous Integration
on:
workflow_dispatch:
pull_request:
branches:
- main
types:
- opened
- edited
- synchronize
# paths:
# - 'src/*'
env:
DOCKERFILE: src/main/docker/Dockerfile
jobs:
scan-sonar:
runs-on: ubuntu-22.04
environment: ci
steps:
- name: "Checkout the source code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
with:
fetch-depth: 0
- name: "Set up JDK 21"
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
java-version: 21
distribution: temurin
- name: "Cache Gradle packages"
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
- name: "Cache SonarCloud packages"
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: "Build and analyze"
run: ./gradlew build jacocoTestReport sonar --info
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
scan-cve:
runs-on: ubuntu-22.04
steps:
- name: "Checkout the source code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
with:
fetch-depth: 0
- name: "Build the Docker image"
run: docker build . --file ${{ env.DOCKERFILE }} --target cve --tag localbuild/testimage:latest
- name: "Run the Trivy scan action itself with GitHub Advanced Security code scanning integration enabled"
id: scan
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
with:
image-ref: "localbuild/testimage:latest"
format: 'sarif'
output: 'results.sarif'
- name: "Upload Anchore Scan Report"
uses: github/codeql-action/upload-sarif@cbe18979603527f12c7871a6eb04833ecf1548c7 # CodeQL Bundle v2.19.3
with:
sarif_file: 'results.sarif'