Build Snapshot Worker #1587
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Worker which is dispatched from build-snapshot-controller workflow. | |
name: Build Snapshot Worker | |
on: | |
workflow_dispatch: | |
inputs: | |
build-zoo-handler: | |
description: 'Build Zoo Handler Payload' | |
required: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'liberica' | |
- uses: jfrog/setup-jfrog-cli@v3 | |
env: | |
JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} | |
# cache maven .m2 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-m2- | |
# target deploy repos | |
- name: Configure JFrog Cli | |
run: | | |
jfrog rt mvnc --use-wrapper \ | |
--server-id-resolve=repo.spring.io \ | |
--server-id-deploy=repo.spring.io \ | |
--repo-resolve-releases=libs-milestone \ | |
--repo-resolve-snapshots=libs-snapshot \ | |
--repo-deploy-releases=libs-release-local \ | |
--repo-deploy-snapshots=libs-snapshot-local | |
echo JFROG_CLI_BUILD_NAME=spring-cloud-deployer-main >> $GITHUB_ENV | |
echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV | |
# zoo extract and ensure | |
- name: Extract Zoo Context Properties | |
uses: jvalkeal/[email protected] | |
with: | |
dispatch-handler-extract-context-properties: true | |
# build and publish to configured target | |
- name: Build and Publish | |
run: | | |
jfrog rt mvn -U -B clean install -T 0.5C | |
jfrog rt build-publish | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildname=spring-cloud-deployer-main >> $GITHUB_ENV | |
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildnumber=$GITHUB_RUN_NUMBER >> $GITHUB_ENV | |
- name: Test Report | |
uses: dorny/test-reporter@v1 | |
if: ${{ success() || failure() }} | |
with: | |
name: Unit Test - Report | |
path: '**/surefire-reports/*.xml' | |
reporter: java-junit | |
list-tests: 'failed' | |
# zoo success | |
- name: Notify Build Success Zoo Handler Controller | |
uses: jvalkeal/[email protected] | |
with: | |
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }} | |
dispatch-handler-client-payload-data: > | |
{ | |
"event": "build-succeed" | |
} | |
# zoo failure | |
- name: Notify Build Failure Zoo Handler Controller | |
if: ${{ failure() }} | |
uses: jvalkeal/[email protected] | |
with: | |
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }} | |
dispatch-handler-client-payload-data: > | |
{ | |
"event": "build-failed", | |
"message": "spring-cloud-deployer failed" | |
} | |
# clean m2 cache | |
- name: Clean cache | |
run: | | |
find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr | |
scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run Trivy vulnerability scanner in repo mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
severity: 'CRITICAL,HIGH' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: 'Scanned' | |
shell: bash | |
run: echo "::info ::Scanned" | |
done: | |
runs-on: ubuntu-latest | |
needs: [ scan, build ] | |
steps: | |
- name: 'Done' | |
shell: bash | |
run: echo "::info ::Done" |