
Merge remote-tracking branch 'origin/feature/3-add-task-runner-to-jav… #23

Workflow file for this run

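# CI workflow for the Java image: installs the build and scanning tools,
# builds java/Dockerfile with Buildx, then runs the `java:verify`,
# `java:scan` and `java:push` tasks. The Taskfile is not part of this file;
# judging by the step names and the tools installed here, the tasks
# presumably lint with Dockle, scan with Trivy and push to Docker Hub.
name: java

on:
  push:
    branches:
      - main
      - develop
      - feature/**
  pull_request:
    branches:
      - main
      - develop
      - feature/**

# Least privilege for the automatically issued GITHUB_TOKEN: nothing in this
# file needs more than read access to the repository contents.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning
      # each action to a full commit SHA protects the job (which holds Docker
      # Hub credentials) against a re-pointed tag.
      - uses: actions/checkout@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only needed to publish. Skipping the login on
      # pull_request runs keeps them away from unmerged code (the Dockerfile
      # and Taskfile of the PR run later in this job) and lets fork PRs, which
      # receive no secrets, get past this step.
      # NOTE(review): if the build has to pull private base images, PR runs
      # need a separate read-only credential instead.
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}

      # NOTE(review): the build below reads its cache from /tmp/.buildx-cache
      # but writes it inline (`--cache-to=type=inline`), so nothing in this
      # file ever populates the directory saved here - confirm that is
      # intended.
      - name: Cache Docker layers
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      # NOTE(review): GH_TOKEN is a repository secret whose scope is not
      # visible here; confirm it is no broader than this action needs.
      - name: Setup Task
        uses: arduino/setup-task@v2
        with:
          version: 3.x
          repo-token: ${{ secrets.GH_TOKEN }}

      # Installs the latest Dockle release from GitHub as root.
      # `set -euo pipefail` and `curl --fail` make a failed API call or
      # download stop the step instead of handing an error page to dpkg.
      # NOTE(review): the package is installed without an integrity check and
      # the version floats with "latest"; pin a reviewed release and verify
      # the download against its published checksum before `dpkg -i`.
      - name: Setup Dockle
        run: |
          set -euo pipefail
          VERSION=$(
            curl --fail --silent --show-error "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
            grep '"tag_name":' | \
            sed -E 's/.*"v([^"]+)".*/\1/'
          )
          # An empty version would produce a bogus download URL below.
          if [ -z "${VERSION}" ]; then
            echo "Could not determine the latest Dockle version" >&2
            exit 1
          fi
          curl --fail --silent --show-error --location -o dockle.deb \
            "https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb"
          sudo dpkg -i dockle.deb
          rm dockle.deb

      # Installs Trivy from the vendor apt repository; the repository is
      # bound to its own keyring through `signed-by`. `pipefail` stops the
      # step if the key download fails instead of writing an empty keyring,
      # and `-y` keeps apt-get from aborting on a confirmation prompt in the
      # non-interactive runner.
      - name: Setup Trivy
        run: |
          set -euo pipefail
          sudo apt-get install -y wget apt-transport-https gnupg
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install -y trivy

      # A literal block (`|`) is required here: in a plain multi-line scalar
      # YAML folds the line breaks into spaces and keeps the backslashes, so
      # the shell would see `\ --platform` (an escaped space) instead of a
      # line continuation.
      # NOTE(review): `--output type=docker` together with two platforms may
      # be rejected by the docker exporter unless the daemon can store
      # multi-platform images - verify on the runner.
      - name: Build Java Image
        run: |
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --tag java:21-graalvm \
            --file java/Dockerfile \
            --output type=docker \
            --cache-to=type=inline \
            --cache-from=type=local,src=/tmp/.buildx-cache \
            .

      - name: Verify the built image follows the best practises
        run: task java:verify

      - name: Scan the built image for vulnerabilities
        run: task java:scan

      # Publishing is limited to push events so that an image built from an
      # unmerged pull request is never pushed to the registry.
      - name: Push the built image to docker hub
        if: github.event_name != 'pull_request'
        run: task java:push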