Update CICD.yml #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| name: Java CI with Maven | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Build with Maven | |
| run: mvn -B package --file pom.xml | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: RecipeApp | |
| path: target/*.jar | |
| - name: Print Environment Variables | |
| run: env | |
| - name: Install Trivy | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y wget apt-transport-https gnupg lsb-release | |
| sudo wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install -y trivy | |
| # Run Trivy scan | |
| - name: Run Trivy scan | |
| run: | | |
| trivy --version | |
| trivy fs --format table -o trivy-fs-report.html . | |
| - name: Build and Run SonarQube | |
| run: | | |
| docker run -d --name sonarqube -p 9000:9000 sonarqube:latest | |
| docker ps | |
| docker inspect -f '{{ .NetworkSettings.IPAddress }}' sonarqube | |
| # Execute SonarQube scan using the official action | |
| - name: Official SonarQube Scan | |
| uses: SonarSource/[email protected] | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: http://localhost:9000 | |
| - name: SonarQube Scan | |
| uses: sonarsource/sonarqube-scan-action@master | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: http://172.17.0.2:9000 | |
| - name: Install jq | |
| run: sudo apt-get update && sudo apt-get install -y jq | |
| - name: SonarQube Quality Gate check | |
| id: sonarqube-quality-gate-check | |
| uses: sonarsource/sonarqube-quality-gate-action@master | |
| timeout-minutes: 5 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker Image | |
| run: | | |
| docker build -t chaden/recipeapp:latest . | |
| - name: Trivy Image Scan | |
| run: | | |
| trivy image --format table -o trivy-image-report.html chaden/recipeapp:latest | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push Docker Image | |
| run: | | |
| docker push chaden/recipeapp:latest | |
| - name: Kubectl Action | |
| uses: tale/kubectl-action@v1 | |
| with: | |
| base64-kube-config: ${{ secrets.KUBE_CONFIG }} | |
| - run: | | |
| kubectl apply -f deployment-service.yml -n webapps | |
| kubectl get svc -n webapps | |
| # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive | |
| - name: Update dependency graph | |
| uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 |