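# GitHub Actions CI for the ScaleUp application.
#
# Pipeline: build -> (backend-test, frontend-test) -> sonar / snyk / eslint / dast-scan.
# Every action is pinned to a major-version tag; the one remaining mutable
# `@master` ref (snyk/actions) is called out below. Toolchain versions are
# declared once in the workflow-level `env` and referenced from each job.
---
name: ScaleUp Application CI workflow

on: [push, pull_request]

# Least privilege for the automatic GITHUB_TOKEN. Jobs that need more
# (e.g. reading PR metadata or uploading code-scanning results) raise it
# at job level instead of inheriting the repository default.
permissions:
  contents: read

env:
  # Quoted so YAML does not retype them (20.15.0 is a string, 17 would be an int).
  NODE_VERSION: '20.15.0'
  JAVA_VERSION: '17'

jobs:
  build:
    name: Build Stage
    runs-on: ubuntu-latest
    # Skip the whole pipeline (every other job `needs` this one) when the
    # commit message or PR title carries a skip marker.
    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.pull_request.title, '[skip ci]') && !contains(github.event.pull_request.title, '[ci skip]')"
    timeout-minutes: 40
    env:
      SPRING_OUTPUT_ANSI_ENABLED: DETECT
      # Environment values are strings at runtime; quoted to keep the YAML
      # parser from turning them into booleans.
      SPRING_JPA_SHOW_SQL: 'false'
      JHI_DISABLE_WEBPACK_LOGS: 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: ${{ env.JAVA_VERSION }}
      - name: Install Node.js packages
        # `npm ci` installs exactly what package-lock.json records and fails
        # if the lockfile is missing or out of sync, so CI builds are
        # reproducible instead of resolving fresh versions on every run.
        run: npm ci
      - name: Package application
        run: npm run java:jar:prod

  backend-test:
    name: Backend Test Stage
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: ${{ env.JAVA_VERSION }}
      - name: Run backend test
        # The wrapper is made executable first because `ci:backend:test`
        # presumably invokes ./mvnw — confirm against package.json.
        run: |
          chmod +x mvnw
          npm run ci:backend:test

  frontend-test:
    name: Frontend Test Stage
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
      - name: Install Node.js packages
        run: npm ci
      - name: Run frontend test
        run: npm run ci:frontend:test

  sonar:
    name: Sonar SAST Scan
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    permissions:
      contents: read
      pull-requests: read  # GITHUB_TOKEN only needs to read PR metadata
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'zulu' # Alternative distribution options are available.
      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build and analyze
        # NOTE: secrets are not exposed to pull_request runs from forks, so
        # this step fails there by design; `on: [push, pull_request]` still
        # covers same-repo branches.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup

  snyk:
    name: Vulnerability Scanning with Snyk
    needs: [backend-test, frontend-test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Snyk to check for vulnerabilities
        # `@master` is a mutable ref: whatever is on that branch at run time
        # executes with this job's token. Pin to a full commit SHA (with a
        # `# <version>` comment) to make the supply chain reproducible.
        uses: snyk/actions/maven@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      # continue-on-error above means a failing scan never fails the job, so
      # the report has to be surfaced or findings are silently dropped. The
      # artifact upload always works; the code-scanning upload additionally
      # needs `security-events: write` on this job and code scanning enabled.
      - name: Upload Snyk SARIF report
        uses: actions/upload-artifact@v4
        with:
          name: snyk-report
          path: snyk.sarif
      # - name: Upload result to GitHub Code Scanning
      #   uses: github/codeql-action/upload-sarif@v3
      #   with:
      #     sarif_file: snyk.sarif

  eslint:
    name: ESLint Code Quality
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
      - name: Install Node.js packages
        run: npm ci
      - name: Install ESLint
        # Resolves the latest ESLint at run time (unpinned). Prefer declaring
        # it in devDependencies so the lockfile controls the version; this
        # step is then redundant.
        run: npm install eslint --save-dev
      - name: Run ESLint
        # A lint error makes the first command exit non-zero, so the HTML
        # report is only produced on a clean run.
        run: |
          npx eslint . -f json -o eslint-report.json
          npx eslint . -f html -o eslint-report.html
      - name: Upload ESLint Report
        # Keep the report even when linting fails — that is when it is needed.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: eslint-report
          path: |
            ./eslint-report.json
            ./eslint-report.html

  dast-scan:
    name: DAST OWASP ZAP Scans
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    # The former `strategy.matrix.node-version` was never referenced by any
    # step, so it has been dropped.
    steps:
      - uses: actions/checkout@v4
      - name: Change script permission
        run: chmod +x script/zap-script.sh
      - name: ZAP scan
        # Target URL and ZAP options live in script/zap-script.sh — review
        # that script for what is actually scanned.
        run: script/zap-script.sh
      - name: Archive production artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: zap report
          path: ./zap_baseline_report.html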