Update CICD.yml #51

Workflow file for this run



	name: Java CI with Maven

	on:
	push:
	branches: [ "master" ]
	pull_request:
	branches: [ "master" ]

	jobs:
	build:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v3
	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: maven


	- name: Build with Maven
	run: mvn -B package --file pom.xml

	- uses: actions/upload-artifact@v4
	with:
	name: RecipeApp
	path: target/*.jar
	- name: Print Environment Variables
	run: env
	- name: Install Trivy
	run: \|
	sudo apt-get update
	sudo apt-get install -y wget apt-transport-https gnupg lsb-release
	sudo wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \| sudo apt-key add -
	echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" \| sudo tee -a /etc/apt/sources.list.d/trivy.list
	sudo apt-get update
	sudo apt-get install -y trivy

	# Run Trivy scan
	- name: Run Trivy scan
	run: \|
	trivy --version
	trivy fs --format table -o trivy-fs-report.html .

	# Download and install SonarQube
	- name: Download SonarQube
	run: \|
	sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip
	sudo apt install unzip
	sudo unzip sonarqube-9.9.0.65466.zip -d /opt
	sudo mv /opt/sonarqube-9.9.0.65466 /opt/sonarqube
	sudo groupadd sonar
	sudo useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonar sonar
	sudo chown sonar:sonar /opt/sonarqube -R

	# Start SonarQube
	- name: Start SonarQube
	run: /opt/sonarqube/bin/linux-x86-64/sonar.sh start
	- name: Run SonarQube analysis
	- uses: SonarSource/[email protected]
	- env :
	SONAR_HOST_URL: http://localhost:9000 \
	SONAR_TOKEN: squ_fb9478b67688f5ba467f963ccd765674bc581052


	# Execute SonarQube scan using the official action
	- name: Official SonarQube Scan
	uses: SonarSource/[email protected]
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: http://localhost:9000

	- name: SonarQube Scan
	uses: sonarsource/sonarqube-scan-action@master
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: http://172.17.0.2:9000

	- name: Install jq
	run: sudo apt-get update && sudo apt-get install -y jq

	- name: SonarQube Quality Gate check
	id: sonarqube-quality-gate-check
	uses: sonarsource/sonarqube-quality-gate-action@master
	timeout-minutes: 5
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker Image
	run: \|
	docker build -t chaden/recipeapp:latest .
	- name: Trivy Image Scan
	run: \|
	trivy image --format table -o trivy-image-report.html chaden/recipeapp:latest
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Push Docker Image
	run: \|
	docker push chaden/recipeapp:latest


	- name: Kubectl Action
	uses: tale/kubectl-action@v1
	with:
	base64-kube-config: ${{ secrets.KUBE_CONFIG }}

	- run: \|
	kubectl apply -f deployment-service.yml -n webapps
	kubectl get svc -n webapps

	# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
	- name: Update dependency graph
	uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update CICD.yml #51

Workflow file

Update CICD.yml #51

Jobs

Run details

Workflow file for this run