Skip to content
ScaleUp Application CI workflow

Testing new pipeline changes #85

Sign in to view logs

Testing new pipeline changes

Testing new pipeline changes #85

Workflow file for this run

.github/workflows/main.yml at 52fd7b2
name: ScaleUp Application CI workflow
on:
push:
branches:
- '**' # Trigger on any branch push
jobs:
build:
name: Build Stage
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.pull_request.title, '[skip ci]') && !contains(github.event.pull_request.title, '[ci skip]')"
timeout-minutes: 40
env:
NODE_VERSION: 20.15.0
SPRING_OUTPUT_ANSI_ENABLED: DETECT
SPRING_JPA_SHOW_SQL: false
JHI_DISABLE_WEBPACK_LOGS: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20.15.0
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
- name: Install Node.js packages
run: npm install
- name: Package application
run: npm run java:jar:prod
backend-test:
name: Backend Test Stage
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
- name: Run backend test
run: |
chmod +x mvnw
npm run ci:backend:test
frontend-test:
name: Frontend Test Stage
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20.15.0
- name: Install Node.js packages
run: npm install
- name: Run frontend test
run: npm run ci:frontend:test
sonar:
name: Sonar SAST Scan
runs-on: ubuntu-latest
needs: [backend-test, frontend-test]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'zulu' # Alternative distribution options are available.
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup
snyk:
name: Vulnerability Scanning with Synk
needs: [backend-test, frontend-test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/maven@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
# - name: Upload result to GitHub Code Scanning
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: snyk.sarif
eslint:
name: ESLint Code Quality
runs-on: ubuntu-latest
needs: [backend-test, frontend-test]
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 20.15.0
- name: Install Node.js packages
run: npm install
- name: Install ESLint
run: npm install eslint --save-dev
- name: Run ESLint
run: |
npx eslint . -f json -o eslint-report.json
npx eslint . -f html -o eslint-report.html
- name: Upload ESLint Report
uses: actions/upload-artifact@v4
with:
name: eslint-report
path: |
./eslint-report.json
./eslint-report.html
dast-scan:
name: DAST OWASP ZAP Scans
runs-on: ubuntu-latest
needs: [backend-test, frontend-test]
strategy:
matrix:
node-version: [20.x]
steps:
- uses: actions/checkout@v4
- name: Change script permission
run: |
chmod +x script/zap-script.sh
- name: ZAP scan
run: script/zap-script.sh
- name: Archive production artifacts
uses: actions/upload-artifact@v2
with:
name: zap report
path: |
./zap_baseline_report.html