Update CICD.yml #117
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI with Maven | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Build with Maven | |
| run: mvn -B package --file pom.xml | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: RecipeApp | |
| path: target/*.jar | |
| - name: Print Environment Variables | |
| run: env | |
| - name: Install Trivy | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y wget apt-transport-https gnupg lsb-release | |
| sudo wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install -y trivy | |
| - name: Run Trivy scan | |
| run: | | |
| trivy --version | |
| trivy fs --format table -o trivy-fs-report.html . | |
| # - name: SonarQube Scan | |
| # uses: sonarsource/sonarqube-scan-action@master | |
| # env: | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| # - name: Install jq | |
| # run: sudo apt-get update && sudo apt-get install -y jq | |
| # - name: SonarQube Quality Gate check | |
| # id: sonarqube-quality-gate-check | |
| # uses: sonarsource/sonarqube-quality-gate-action@master | |
| # timeout-minutes: 5 | |
| # env: | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker Image | |
| run: | | |
| docker build -t chaden13/recipeapp:latest . | |
| - name: Trivy Image Scan | |
| run: | | |
| trivy image --format table -o trivy-image-report.html chaden13/recipeapp:latest | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push Docker Image | |
| run: | | |
| docker push chaden13/recipeapp:latest | |
| - name: Kubectl Action | |
| uses: tale/kubectl-action@v1 | |
| with: | |
| base64-kube-config: ${{ secrets.KUBE_CONFIG }} | |
| - run: | | |
| kubectl apply -f deployment-service.yml -n webapps --validate=false --request-timeout=5m | |
| kubectl get svc -n webapps | |
| - name: Update dependency graph | |
| uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 |