Build Snapshot Worker #1671
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Worker which is dispatched from build-snapshot-controller workflow. | |
name: Build Snapshot Worker | |
on: | |
workflow_dispatch: | |
inputs: | |
build-zoo-handler: | |
description: 'Build Zoo Handler Payload' | |
required: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: '8' | |
distribution: 'liberica' | |
- uses: jvalkeal/setup-maven@v1 | |
with: | |
maven-version: 3.8.8 | |
maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/' | |
- uses: jfrog/setup-jfrog-cli@v3 | |
env: | |
JF_URL: 'https://repo.spring.io' | |
JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} | |
# cache maven .m2 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-m2- | |
# target deploy repos | |
- name: Configure JFrog Cli | |
run: | | |
jfrog rt mvnc \ | |
--server-id-resolve=${{ vars.JF_SERVER_ID }} \ | |
--server-id-deploy=${{ vars.JF_SERVER_ID }} \ | |
--repo-resolve-releases=libs-milestone \ | |
--repo-resolve-snapshots=libs-snapshot \ | |
--repo-deploy-releases=libs-release-local \ | |
--repo-deploy-snapshots=libs-snapshot-local | |
echo JFROG_CLI_BUILD_NAME=spring-cloud-deployer-2-9-x >> $GITHUB_ENV | |
echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV | |
# zoo extract and ensure | |
- name: Extract Zoo Context Properties | |
uses: jvalkeal/build-zoo-handler@v0.0.4 | |
with: | |
dispatch-handler-extract-context-properties: true | |
# build and publish to configured target | |
- name: Build and Publish | |
run: | | |
jfrog rt mvn -U -B clean install -T 0.5C | |
jfrog rt build-publish | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildname=spring-cloud-deployer-2-9-x >> $GITHUB_ENV | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildnumber=$GITHUB_RUN_NUMBER >> $GITHUB_ENV | |
- name: Test Report | |
uses: dorny/test-reporter@v1 | |
if: ${{ success() || failure() }} | |
with: | |
name: Unit Test - Report | |
path: '**/surefire-reports/*.xml' | |
reporter: java-junit | |
list-tests: 'failed' | |
# zoo success | |
- name: Notify Build Success Zoo Handler Controller | |
uses: jvalkeal/build-zoo-handler@v0.0.4 | |
with: | |
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }} | |
dispatch-handler-client-payload-data: > | |
{ | |
"event": "build-succeed" | |
} | |
# zoo failure | |
- name: Notify Build Failure Zoo Handler Controller | |
if: ${{ failure() }} | |
uses: jvalkeal/build-zoo-handler@v0.0.4 | |
with: | |
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }} | |
dispatch-handler-client-payload-data: > | |
{ | |
"event": "build-failed", | |
"message": "spring-cloud-deployer failed" | |
} | |
# clean m2 cache | |
- name: Clean cache | |
run: | | |
find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr | |
scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run Trivy vulnerability scanner in repo mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
severity: 'CRITICAL,HIGH' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: 'Scanned' | |
shell: bash | |
run: echo "::info ::Scanned" | |
done: | |
runs-on: ubuntu-latest | |
needs: [ scan, build ] | |
steps: | |
- name: 'Done' | |
shell: bash | |
run: echo "::info ::Done" |