Merge pull request #44 from sayoungestguy/bug-fixes-haikel #232

Workflow file for this run

	name: ScaleUp Application CI workflow
	on:
	push:
	branches:
	- '**' # Trigger on any branch push
	jobs:
	set-env:
	name: Setup Environment
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: 20.15.0
	- uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17
	- name: Install Node.js packages
	run: npm install
	- name: Cache Node Modules
	uses: actions/cache@v3
	with:
	path: node_modules
	key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-

	package:
	name: Package App
	runs-on: ubuntu-latest
	needs: set-env
	if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.pull_request.title, '[skip ci]') && !contains(github.event.pull_request.title, '[ci skip]')"
	timeout-minutes: 10
	env:
	NODE_VERSION: 20.15.0
	SPRING_OUTPUT_ANSI_ENABLED: DETECT
	SPRING_JPA_SHOW_SQL: false
	JHI_DISABLE_WEBPACK_LOGS: true
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: 20.15.0
	- uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17
	- name: Package application
	run: npm run java:jar:prod
	- name: Upload Build Artifact
	uses: actions/upload-artifact@v4
	with:
	name: packaged-application
	path: \|
	target/*.jar
	target/classes
	retention-days: 1 # Retain the build artifacts for 1 day

	# Push to Docker
	jib-build:
	name: containerize
	runs-on: ubuntu-latest
	needs: package
	env:
	DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17
	- name: Push to Docker registry w/o IT
	run: ./mvnw package -Pprod verify jib:build -Djib.to.image=shenanquek97/scaleup -Djib.to.auth.username=${DOCKER_USERNAME} -Djib.to.auth.password=${DOCKER_PASSWORD} -DskipTests
	if: github.ref != 'refs/heads/main' \|\| github.ref != 'refs/heads/testing-uat'
	- name: Push to Docker registry w IT
	run: ./mvnw package -Pprod verify jib:build -Djib.to.image=shenanquek97/scaleup -Djib.to.auth.username=${DOCKER_USERNAME} -Djib.to.auth.password=${DOCKER_PASSWORD}
	if: github.ref == 'refs/heads/main' \|\| github.ref == 'refs/heads/testing-uat'

	backend-test:
	name: Backend Test Stage
	runs-on: ubuntu-latest
	needs: package
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17
	- name: Run backend test
	run: \|
	chmod +x mvnw
	npm run ci:backend:test
	- name: Upload Backend Test Report
	uses: actions/upload-artifact@v4
	with:
	name: backend-test-report
	path: target/surefire-reports/*.xml
	retention-days: 1

	frontend-test:
	name: Frontend Test Stage
	runs-on: ubuntu-latest
	needs: package
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: 20.15.0
	- name: Install Node.js Packages
	run: npm install
	- name: Run frontend test
	run: npm run ci:frontend:test
	- name: Upload Frontend Test Report
	uses: actions/upload-artifact@v4
	with:
	name: jest-test-reports
	path: ./target/test-results/TESTS-results-jest.xml # Adjusted to match your Jest output configuration
	retention-days: 1

	sonar:
	name: Sonar SAST Scan
	runs-on: ubuntu-latest
	needs: [backend-test, frontend-test]
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 1 # Shallow clones should be disabled for a better relevancy of analysis
	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	java-version: 17
	distribution: 'zulu' # Alternative distribution options are available.
	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@v3
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2
	- name: Build and analyze
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	if: github.ref != 'refs/heads/main'
	run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup
	- name: Build and analyze for main
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	if: github.ref == 'refs/heads/main'
	run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup #-Dsonar.qualitygate.wait=true
	snyk:
	name: Vulnerability Scanning with Synk
	needs: [backend-test, frontend-test]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@master
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/maven@master
	continue-on-error: true # To make sure that SARIF upload gets called
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	args: --sarif-file-output=snyk.sarif
	# - name: Upload result to GitHub Code Scanning
	# uses: github/codeql-action/upload-sarif@v3
	# with:
	# sarif_file: snyk.sarif

	dast-scan:
	name: DAST OWASP ZAP Scans
	runs-on: ubuntu-latest
	needs: [backend-test, frontend-test]
	steps:
	- uses: actions/checkout@v4
	- name: Change script permission
	run: \|
	chmod +x script/zap-script.sh
	- name: ZAP scan
	run: script/zap-script.sh
	- name: Archive production artifacts
	uses: actions/upload-artifact@v4
	with:
	name: zap report
	path: \|
	./zap_baseline_report.html
	retention-days: 1

	deploy-to-sit:
	name: Deploy to SIT
	needs: jib-build
	runs-on: ubuntu-latest
	if: github.ref == 'refs/heads/testing-sit' # Only apply changes on sit branch
	env:
	DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	steps:
	- name: Deploy to EC2
	uses: appleboy/ssh-action@master
	with:
	host: ec2-52-77-34-58.ap-southeast-1.compute.amazonaws.com # Change this to SIT host
	username: ubuntu
	key: ${{ secrets.EC2_PRIVATE_KEY }}
	port: 22
	script: \|
	sudo docker pull ${{ secrets.DOCKER_USERNAME }}/scaleup:latest
	if [ "$(sudo docker ps -q -f name=scaleUp)" ]; then
	sudo docker stop scaleUp
	sudo docker rm scaleUp
	elif [ "$(sudo docker ps -a -q -f name=scaleUp)" ]; then
	sudo docker rm scaleUp
	fi
	sudo docker run -d -p 8080:8080 --name scaleUp ${{ secrets.DOCKER_USERNAME }}/scaleup:latest

	deploy-to-main:
	name: Deploy to Production
	needs: [jib-build, dast-scan, snyk, sonar]
	runs-on: ubuntu-latest
	if: github.ref == 'refs/heads/main' # Only apply changes on main branch
	env:
	DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	steps:
	- name: Deploy to EC2
	uses: appleboy/ssh-action@master
	with:
	host: ec2-54-255-11-22.ap-southeast-1.compute.amazonaws.com # Change to Prod host
	username: ubuntu
	key: ${{ secrets.EC2_PRIVATE_KEY_PROD }}
	port: 22
	script: \|
	sudo docker pull ${{ secrets.DOCKER_USERNAME }}/scaleup:latest
	if [ "$(sudo docker ps -q -f name=scaleUp)" ]; then
	sudo docker stop scaleUp
	sudo docker rm scaleUp
	elif [ "$(sudo docker ps -a -q -f name=scaleUp)" ]; then
	sudo docker rm scaleUp
	fi
	sudo docker run -d -p 8080:8080 --name scaleUp ${{ secrets.DOCKER_USERNAME }}/scaleup:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #44 from sayoungestguy/bug-fixes-haikel #232

Workflow file

Merge pull request #44 from sayoungestguy/bug-fixes-haikel #232

Jobs

Run details

Workflow file for this run