From e134b396bc88ac2ac23577b33b2112d6713f0b2a Mon Sep 17 00:00:00 2001
From: Patrick Skowronek
Date: Tue, 25 Jan 2022 11:01:00 +0100
Subject: [PATCH 1/4] Added a github action for publishing the binaries after building
---
 .github/workflows/ci.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cd444db2..5a3b0dd8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -112,3 +112,12 @@ jobs:
 uses: github/codeql-action/upload-sarif@codeql-bundle-20211208
 with:
 sarif_file: trivy-results.sarif
+
+ - name: Upload binaries to release
+ uses: svenstaro/upload-release-action@v2
+ with:
+ repo_token: ${{ secrets.GITHUB_TOKEN }}
+ file: target/connector.war
+ asset_name: ${{matrix.project_context}}_connector.war
+ tag: ${{ github.ref }}
+ overwrite: true
\ No newline at end of file
From db4bfb2a85415cd363b911c38bae94a6cb4649ee Mon Sep 17 00:00:00 2001
From: Patrick Skowronek
Date: Tue, 25 Jan 2022 11:15:59 +0100
Subject: [PATCH 2/4] Added if statement to publish only on develop and masterbranch
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5a3b0dd8..314fdb25 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -114,6 +114,7 @@ jobs:
 sarif_file: trivy-results.sarif
 - name: Upload binaries to release
+ if: ${{ github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master' }}
 uses: svenstaro/upload-release-action@v2
 with:
 repo_token: ${{ secrets.GITHUB_TOKEN }}
From 282ce4b12aa67bcbb496e9008ef279b0c8d6cce1 Mon Sep 17 00:00:00 2001
From: Patrick Skowronek
Date: Wed, 26 Jan 2022 09:52:14 +0100
Subject: [PATCH 3/4] Only publish when github has a tag
---
 .github/workflows/ci.yml | 246 +++++++++++++++++++--------------------
 1 file changed, 123 insertions(+), 123 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 314fdb25..0a393c5b 100644
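Review bot: In patch 1/4 the new `Upload binaries to release` step passes `secrets.GITHUB_TOKEN` to a third-party action referenced by the movable tag `svenstaro/upload-release-action@v2`, so whatever commit that tag points to at run time executes with the token's release-write access. Pin the action to a reviewed commit, e.g. `uses: svenstaro/upload-release-action@<full-commit-sha> # v2`, and declare the token scope on the job with a `permissions:` block containing `contents: write` rather than relying on the repository default. `overwrite: true` also lets any later run for the same ref silently replace an already published WAR; if published assets are meant to be immutable, drop it so a name collision fails visibly. The enclosing `steps:` list starts above this hunk.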
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,124 +1,124 @@ -# This workflow will build a Java project with Maven -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Build with maven and docker - -on: - push: - branches: - - master - - develop - tags: - - 'v*.*.*' - pull_request: - branches: - - master - - develop - -jobs: - build: - runs-on: ubuntu-20.04 - strategy: - matrix: - include: - - project: gbn - project_context: samply - maven_profile: samply - - project: dktk - project_context: dktk - maven_profile: dktk - - project: c4 - project_context: dktk - maven_profile: dktk - services: - postgres: - image: postgres - env: - POSTGRES_DB: share-client-build - POSTGRES_USER: share-client-build - POSTGRES_PASSWORD: share-client-build - POSTGRES_HOST: localhost - ports: - - 5432:5432 - - steps: - - uses: actions/checkout@v2 - - - name: Setup Java - uses: actions/setup-java@v2 - with: - distribution: temurin - java-version: 8 - - - name: Cache Local Maven Repo - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-temurin-8-maven-${{ matrix.maven_profile }}-${{ hashFiles('pom.xml') }} - - - name: Build with Maven - run: mvn -B package -P ${{matrix.maven_profile}},ci-override - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Docker meta - id: docker-meta - uses: docker/metadata-action@v3 - with: - images: | - samply/share-client - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr,prefix=${{matrix.project}}-pr- - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha,format=long,prefix=${{matrix.project}}-sha- - flavor: | - prefix=${{matrix.project}}-,onlatest=true - - - 
name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - build-args: | - PROJECT=${{matrix.project_context}} - push: true - tags: ${{ steps.docker-meta.outputs.tags }} - labels: ${{ steps.docker-meta.outputs.labels }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: samply/share-client:${{matrix.project}}-sha-${{ github.sha }} - format: template - template: '@/contrib/sarif.tpl' - output: trivy-results.sarif - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@codeql-bundle-20211208 - with: - sarif_file: trivy-results.sarif - - - name: Upload binaries to release - if: ${{ github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master' }} - uses: svenstaro/upload-release-action@v2 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: target/connector.war - asset_name: ${{matrix.project_context}}_connector.war - tag: ${{ github.ref }} +# This workflow will build a Java project with Maven +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Build with maven and docker + +on: + push: + branches: + - master + - develop + tags: + - 'v*.*.*' + pull_request: + branches: + - master + - develop + +jobs: + build: + runs-on: ubuntu-20.04 + strategy: + matrix: + include: + - project: gbn + project_context: samply + maven_profile: samply + - project: dktk + project_context: dktk + maven_profile: dktk + - project: c4 + project_context: dktk + maven_profile: dktk + services: + postgres: + image: postgres + env: + POSTGRES_DB: share-client-build + POSTGRES_USER: share-client-build + POSTGRES_PASSWORD: share-client-build + POSTGRES_HOST: localhost + ports: + - 5432:5432 + + steps: + - uses: actions/checkout@v2 + + - name: Setup Java + uses: actions/setup-java@v2 + with: + distribution: temurin + 
java-version: 8 + + - name: Cache Local Maven Repo + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-temurin-8-maven-${{ matrix.maven_profile }}-${{ hashFiles('pom.xml') }} + + - name: Build with Maven + run: mvn -B package -P ${{matrix.maven_profile}},ci-override + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker meta + id: docker-meta + uses: docker/metadata-action@v3 + with: + images: | + samply/share-client + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr,prefix=${{matrix.project}}-pr- + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha,format=long,prefix=${{matrix.project}}-sha- + flavor: | + prefix=${{matrix.project}}-,onlatest=true + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . 
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ PROJECT=${{matrix.project_context}}
+ push: true
+ tags: ${{ steps.docker-meta.outputs.tags }}
+ labels: ${{ steps.docker-meta.outputs.labels }}
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: samply/share-client:${{matrix.project}}-sha-${{ github.sha }}
+ format: template
+ template: '@/contrib/sarif.tpl'
+ output: trivy-results.sarif
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@codeql-bundle-20211208
+ with:
+ sarif_file: trivy-results.sarif
+
+ - name: Upload binaries to release
+ if: ${{ github.tag != '' }}
+ uses: svenstaro/upload-release-action@v2
+ with:
+ repo_token: ${{ secrets.GITHUB_TOKEN }}
+ file: target/connector.war
+ asset_name: ${{matrix.project_context}}_connector.war
+ tag: ${{ github.ref }}
 overwrite: true
\ No newline at end of file
From bc1d31ced1e67b16a3042edd00031cb1c32709cd Mon Sep 17 00:00:00 2001
From: Patrick Skowronek
Date: Wed, 26 Jan 2022 10:20:14 +0100
Subject: [PATCH 4/4] Add Tag to filename
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a393c5b..72bb3340 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -119,6 +119,6 @@ jobs:
 with:
 repo_token: ${{ secrets.GITHUB_TOKEN }}
 file: target/connector.war
- asset_name: ${{matrix.project_context}}_connector.war
+ asset_name: ${{matrix.project_context}}_connector_${{ github.tag }}.war
 tag: ${{ github.ref }}
 overwrite: true
\ No newline at end of file
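Review bot: In patch 3/4 the condition `if: ${{ github.tag != '' }}` on the `Upload binaries to release` step reads a property that, as far as I know, the `github` context does not define, so the comparison is made against an empty value and the step is most likely skipped on every event, tag pushes included. Gate on the ref instead: `if: startsWith(github.ref, 'refs/tags/')`. Separately, the hunk replaces 123 of the file's 124 lines although only the `if:` line differs in content, which looks like a line-ending conversion; that hides the one real change from review and would be easier to audit as its own commit. The rewritten file also still references `aquasecurity/trivy-action@master`, a branch ref that runs in the same job as the DockerHub login, and pinning it to a commit is worth doing in the same pass.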
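Review bot: In patch 4/4 the new `asset_name` interpolates `${{ github.tag }}`, which does not appear to be a defined `github` context property, so the uploaded file would likely be named e.g. `dktk_connector_.war` with nothing where the version should be. `github.ref_name` carries the short tag name on tag pushes, so `asset_name: ${{ matrix.project }}_connector_${{ github.ref_name }}.war` would give the intended name. Keying on `matrix.project` rather than `matrix.project_context` matters because the matrix shown in patch 3/4 gives both `dktk` and `c4` the context `dktk`; two legs then upload the same asset name and `overwrite: true` lets whichever finishes last replace the other without any error. Whether `c4` should publish its own WAR at all is for the authors to decide, since both legs build with the `dktk` Maven profile. The `with:` block and its step start above this hunk.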