diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd444db2..72bb3340 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,114 +1,124 @@ -# This workflow will build a Java project with Maven -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Build with maven and docker - -on: - push: - branches: - - master - - develop - tags: - - 'v*.*.*' - pull_request: - branches: - - master - - develop - -jobs: - build: - runs-on: ubuntu-20.04 - strategy: - matrix: - include: - - project: gbn - project_context: samply - maven_profile: samply - - project: dktk - project_context: dktk - maven_profile: dktk - - project: c4 - project_context: dktk - maven_profile: dktk - services: - postgres: - image: postgres - env: - POSTGRES_DB: share-client-build - POSTGRES_USER: share-client-build - POSTGRES_PASSWORD: share-client-build - POSTGRES_HOST: localhost - ports: - - 5432:5432 - - steps: - - uses: actions/checkout@v2 - - - name: Setup Java - uses: actions/setup-java@v2 - with: - distribution: temurin - java-version: 8 - - - name: Cache Local Maven Repo - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-temurin-8-maven-${{ matrix.maven_profile }}-${{ hashFiles('pom.xml') }} - - - name: Build with Maven - run: mvn -B package -P ${{matrix.maven_profile}},ci-override - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Docker meta - id: docker-meta - uses: docker/metadata-action@v3 - with: - images: | - samply/share-client - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr,prefix=${{matrix.project}}-pr- - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha,format=long,prefix=${{matrix.project}}-sha- - flavor: | - prefix=${{matrix.project}}-,onlatest=true - - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - build-args: | - PROJECT=${{matrix.project_context}} - push: true - tags: ${{ steps.docker-meta.outputs.tags }} - labels: ${{ steps.docker-meta.outputs.labels }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: samply/share-client:${{matrix.project}}-sha-${{ github.sha }} - format: template - template: '@/contrib/sarif.tpl' - output: trivy-results.sarif - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@codeql-bundle-20211208 - with: - sarif_file: trivy-results.sarif +# This workflow will build a Java project with Maven +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Build with maven and docker + +on: + push: + branches: + - master + - develop + tags: + - 'v*.*.*' + pull_request: + branches: + - master + - develop + +jobs: + build: + runs-on: ubuntu-20.04 + strategy: + matrix: + include: + - project: gbn + project_context: samply + maven_profile: samply + - project: dktk + project_context: dktk + maven_profile: dktk + - project: c4 + project_context: dktk + maven_profile: dktk + services: + postgres: + image: postgres + env: + POSTGRES_DB: share-client-build + POSTGRES_USER: share-client-build + POSTGRES_PASSWORD: share-client-build + POSTGRES_HOST: localhost + ports: + - 5432:5432 + + steps: + - uses: actions/checkout@v2 + + - name: Setup Java + uses: actions/setup-java@v2 + with: + distribution: temurin + java-version: 8 + + - name: Cache Local Maven Repo + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-temurin-8-maven-${{ matrix.maven_profile }}-${{ hashFiles('pom.xml') }} + + - name: Build with Maven + run: mvn -B package -P ${{matrix.maven_profile}},ci-override + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker meta + id: docker-meta + uses: docker/metadata-action@v3 + with: + images: | + samply/share-client + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr,prefix=${{matrix.project}}-pr- + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha,format=long,prefix=${{matrix.project}}-sha- + flavor: | + prefix=${{matrix.project}}-,onlatest=true + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + build-args: | + PROJECT=${{matrix.project_context}} + push: true + tags: ${{ steps.docker-meta.outputs.tags }} + labels: ${{ steps.docker-meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: samply/share-client:${{matrix.project}}-sha-${{ github.sha }} + format: template + template: '@/contrib/sarif.tpl' + output: trivy-results.sarif + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@codeql-bundle-20211208 + with: + sarif_file: trivy-results.sarif + + - name: Upload binaries to release + if: ${{ github.tag != '' }} + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: target/connector.war + asset_name: ${{matrix.project_context}}_connector_${{ github.tag }}.war + tag: ${{ github.ref }} + overwrite: true \ No newline at end of file