Skip to content

fix: pom.xml to reduce vulnerabilities #573

fix: pom.xml to reduce vulnerabilities

fix: pom.xml to reduce vulnerabilities #573

Workflow file for this run

name: Valinta-tulos-service
on:
workflow_dispatch:
push:
paths-ignore:
- '**.md'
permissions:
id-token: write
contents: read
packages: write
jobs:
test-and-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'corretto'
- uses: szenius/[email protected]
with:
timezoneLinux: "Europe/Helsinki"
- name: Build Valintarekisteri Docker container
run: |
cd valinta-tulos-valintarekisteri-db/postgresql/docker/
docker build --tag valintarekisteri-postgres .
cd -
- name: Build with Maven
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ github.token }}
run: |
mvn -B clean package --settings settings.xml
- uses: actions/cache@v4
with:
path: |
valinta-tulos-henkiloviite-synchronizer/target
valinta-tulos-service/target
valinta-tulos-valintarekisteri-db/target
key: ${{ github.sha }}
- uses: actions/upload-artifact@v4
with:
path: valinta-tulos-service/target/valinta-tulos-service-*.war
name: valinta-tulos-service.war
overwrite: true
- uses: actions/upload-artifact@v4
with:
path: valinta-tulos-henkiloviite-synchronizer/target/valinta-tulos-henkiloviite-synchronizer-*-dependencies.jar
name: valinta-tulos-henkiloviite-synchronizer.jar
overwrite: true
deploy-valinta-tulos-service-container:
needs: test-and-build
uses: Opetushallitus/.github/.github/workflows/push-scan-java-ecr.yml@main
with:
application: valinta-tulos-service
base-image: baseimage-war-openjdk11:master
configfolder: valinta-tulos-service/src/main/resources/oph-configuration
jarfile: valinta-tulos-service
jarfolder: .
type: war
download-artifact: true
download-artifact-name: valinta-tulos-service.war
secrets:
AWS_UTILITY_ROLE_ARN: ${{ secrets.AWS_OPH_UTILITY_ROLE_ARN }}
deploy-valinta-tulos-henkiloviite-synchronizer-container:
needs: test-and-build
uses: Opetushallitus/.github/.github/workflows/push-scan-java-ecr.yml@main
with:
application: valinta-tulos-henkiloviite-synchronizer
base-image: baseimage-fatjar-openjdk11:master
configfolder: valinta-tulos-henkiloviite-synchronizer/src/main/resources/oph-configuration
jarfile: valinta-tulos-henkiloviite-synchronizer
jarfolder: .
download-artifact: true
download-artifact-name: valinta-tulos-henkiloviite-synchronizer.jar
secrets:
AWS_UTILITY_ROLE_ARN: ${{ secrets.AWS_OPH_UTILITY_ROLE_ARN }}
deploy-jar-library:
needs: test-and-build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
valinta-tulos-henkiloviite-synchronizer/target
valinta-tulos-service/target
valinta-tulos-valintarekisteri-db/target
key: ${{ github.sha }}
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'corretto'
- name: Deploy jar library
if: github.ref == 'refs/heads/master'
shell: bash
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
GITHUB_TOKEN: ${{ github.token }}
run: |
git clone https://github.com/Opetushallitus/ci-tools.git
source ci-tools/common/setup-tools.sh
mvn deploy -B -pl fi.vm.sade:valinta-tulos-service-parent,valinta-tulos-valintarekisteri-db,valinta-tulos-service -DskipTests --settings settings.xml