-
Notifications
You must be signed in to change notification settings - Fork 87
125 lines (114 loc) · 4.07 KB
/
next-dev-version-worker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
name: Next Dev Version Worker
on:
workflow_dispatch:
inputs:
build-zoo-handler:
description: 'Build Zoo Handler Payload'
required: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'liberica'
- uses: jfrog/setup-jfrog-cli@v3
env:
JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
# cache maven .m2
- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-m2-
# target deploy repos
- name: Configure JFrog Cli
run: |
jfrog rt mvnc --use-wrapper \
--server-id-resolve=repo.spring.io \
--server-id-deploy=repo.spring.io \
--repo-resolve-releases=libs-milestone \
--repo-resolve-snapshots=libs-snapshot \
--repo-deploy-releases=libs-release-local \
--repo-deploy-snapshots=libs-snapshot-local
echo JFROG_CLI_BUILD_NAME=spring-cloud-deployer-main-ndv >> $GITHUB_ENV
echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
# zoo extract and ensure
- name: Extract Zoo Context Properties
uses: jvalkeal/[email protected]
with:
dispatch-handler-extract-context-properties: true
# build and publish to configured target
- name: Build and Publish
run: |
jfrog rt mvn build-helper:parse-version versions:set \
-DprocessAllModules=true \
-DgenerateBackupPoms=false \
-Dartifactory.publish.artifacts=false \
-DnewVersion='${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.${parsedVersion.nextIncrementalVersion}-SNAPSHOT' \
-B
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV
jfrog rt build-clean
jfrog rt mvn clean install -DskipTests -B -T 0.5C
jfrog rt build-publish
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildname=spring-cloud-deployer-main-ndv >> $GITHUB_ENV
echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildnumber=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
# zoo commit
- name: Commit Next Dev Changes
uses: jvalkeal/[email protected]
with:
commit-changes-branch: main
commit-changes-message: Next development version
# zoo success
- name: Notify Build Success Zoo Handler Controller
uses: jvalkeal/[email protected]
with:
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }}
dispatch-handler-client-payload-data: >
{
"event": "next-dev-version-succeed"
}
# zoo failure
- name: Notify Build Failure Zoo Handler Controller
if: ${{ failure() }}
uses: jvalkeal/[email protected]
with:
dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }}
dispatch-handler-client-payload-data: >
{
"event": "next-dev-version-failed",
"message": "spring-cloud-dataflow-build next version failed"
}
# clean m2 cache
- name: Clean cache
run: |
find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: 'Scanned'
shell: bash
run: echo "::info ::Scanned"
done:
runs-on: ubuntu-latest
needs: [ scan, build ]
steps:
- name: 'Done'
shell: bash
run: echo "::info ::Done"