Update builder_maven_slsa3.yml #10

Workflow file for this run

	name: Java CI with Maven
	on:
	push:
	workflow_dispatch:
	# branches:
	# - '*'
	#[ master ]
	# pull_request:
	# branches: [ master ]
	# repository_dispatch:
	# types: [invoke_build_deploy]
	#deployment: development
	jobs:
	secret-scan:
	name: Repo Secret Scan
	#runs-on: [self-hosted, 'Windows', 'X64']
	runs-on: ubuntu-latest
	continue-on-error: true
	steps:
	- uses: actions/checkout@v2
	- uses: max/secret-scan@master
	analyze:
	name: Analyze Source Code
	#runs-on: ['self-hosted', 'Windows', 'X64']
	runs-on: ubuntu-latest
	needs: [secret-scan]
	steps:
	- name: Checkout repository
	uses: actions/checkout@v2
	# Initializes the CodeQL tools for scanning.
	# - name: Initialize CodeQL
	# uses: github/codeql-action/init@v1
	# with:
	# languages: javascript
	# - name: Perform CodeQL Analysis
	# uses: github/codeql-action/analyze@v1
	analyze_dockerfile:
	name: Analyze Dockerfile
	runs-on: ubuntu-latest
	needs: [secret-scan]
	continue-on-error: true
	steps:
	- name: Checkout repository
	uses: actions/checkout@v2
	- name: Dockerfile validation - Docker Hadolint Linter
	run: docker run --rm -i hadolint/hadolint < sm-shop/Dockerfile
	build:
	name: Build Code
	runs-on: ubuntu-latest
	needs: [secret-scan, analyze, analyze_dockerfile]
	steps:
	- uses: actions/checkout@v2
	- name: Set up JDK 1.8
	uses: actions/setup-java@v1
	with:
	java-version: 1.8
	- name: Cache the Maven packages to speed up build
	uses: actions/cache@v1
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2
	- name: Build with Maven
	#run: mvn -B package --file pom.xml
	run: mvn -B clean verify --file pom.xml
	#- run: ls -lart ${GITHUB_WORKSPACE}/sm-shop/target
	- run: ls -lart ${GITHUB_WORKSPACE}/sm-shop/target/site
	- run: ls -lart ${GITHUB_WORKSPACE}/sm-shop/target/site/jacoco
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v1
	with:
	token: ${{ secrets.CODECOVE_TOKEN }}
	files: ./sm-shop/target/site/jacoco/jacoco.xml
	#directory: ${GITHUB_WORKSPACE}/sm-shop/target/site/jacoco/
	flags: unittests
	#env_vars: OS,PYTHON
	name: codecov-umbrella
	fail_ci_if_error: true
	#path_to_write_report: ./coverage/codecov_report.txt
	verbose: true
	publish-job:
	name: Package Code as war
	runs-on: ubuntu-latest
	#defaults:
	# #run:
	# #shell: bash
	# #working-directory: build
	needs: [secret-scan, analyze, analyze_dockerfile, build]
	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-java@v1
	with:
	java-version: 1.8
	- uses: actions/cache@v1
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2
	#- run: pwd
	#- run: ls -lart
	#- run: mvn -B package --file /build/pom.xml -DskipTests
	- run: mvn -B package --file ${GITHUB_WORKSPACE}/pom.xml -DskipTests
	- run: mkdir staging && cp ${GITHUB_WORKSPACE}/sm-shop/target/*.war staging
	- uses: actions/upload-artifact@v1
	with:
	name: Shopizer-Package
	path: staging
	containerize_n_push_to_registry:
	name: Build Docker image and push to GitHub Container Registry
	runs-on: ubuntu-latest
	needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job]
	steps:
	- name: Check out the repo
	uses: actions/checkout@v2
	- name: Download built artifact
	#uses: actions/download-artifact@master
	uses: actions/download-artifact@v1
	with:
	name: Shopizer-Package
	#path: staging
	- name: Move the artifact to target
	run: \|
	pwd
	ls -lart
	mkdir -p ${GITHUB_WORKSPACE}/sm-shop/target
	mv ${GITHUB_WORKSPACE}/Shopizer-Package/ROOT.war ${GITHUB_WORKSPACE}/sm-shop/target
	# # docker build -t de.rieckpil.blog/github-actions-sample github-actions-java-maven
	- name: Push to GitHub Packages
	uses: docker/build-push-action@v1
	with:
	username: ${{ secrets.CR_Username }}
	password: ${{ secrets.CR_Password }}
	registry: ghcr.io
	#repository: githubteamuser2/shopizer
	repository: githubdevopsdemo/githubteamuser2/shopizer
	#tags: ${{ github.sha }}
	tags: latest
	path: sm-shop/
	#dockerfile: Dockerfile
	file: sm-shop/Dockerfile
	scan-image:
	name: Scan Docker Image
	runs-on: ubuntu-latest
	needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry]
	steps:
	- name: Login to Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ secrets.CR_Username }}
	password: ${{ secrets.CR_Password }}
	- name: Scan Docker Image
	uses: anchore/scan-action@v2
	id: scan
	with:
	image: "ghcr.io/githubdevopsdemo/githubteamuser2/shopizer:latest"
	acs-report-enable: true
	fail-build: false
	- name: upload Anchore scan SARIF report
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}
	- name: Inspect SARIF Report
	run: cat ${{ steps.scan.outputs.sarif }}
	# Provision-env:
	# name: Provision QA Environment
	# runs-on: ubuntu-latest
	# needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image]
	# steps:
	# - name: Provision QA Environment
	# uses: actions/checkout@v2
	Deploy:
	name: Deploy shopizer image to AKS cluster dev namespace
	runs-on: ubuntu-latest
	needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image] #, Provision-env]
	steps:
	- name: Check out the repo
	uses: actions/checkout@v2
	# Set the target AKS cluster.
	- uses: Azure/aks-set-context@v1
	with:
	creds: '${{ secrets.AZURE_CREDENTIALS }}'
	#updated with API-Demo RG from Kushal's account
	#Updated the AKS cluster with JK's account
	#Updated the AKS with Singha's account
	#cluster-name: github_shopizer
	#resource-group: RG_Shopizer_AKS
	#cluster-name: shopizer #shopizer_ondemand_k8scluster #shopizer
	#resource-group: ShopizerOnDemandCluster #rg_shopizer_ondemand_k8scluster
	#Cluster from pravin's account
	cluster-name: apidemocluster #shopizer #shopizer_ondemand_k8scluster #shopizer
	resource-group: API-Demo #RG_Shopizer #rg_shopizer_ondemand_k8scluster
	# Set the image secret
	- uses: Azure/k8s-create-secret@v1
	with:
	container-registry-url: ghcr.io
	container-registry-username: ${{ secrets.CR_Username }}
	container-registry-password: ${{ secrets.CR_Password }}
	secret-name: k8s-secret
	namespace: dev
	# Deploy
	- uses: Azure/k8s-deploy@v1
	with:
	manifests: \|
	shopizer.yaml
	shopizer-service.yaml
	images: \|
	ghcr.io/githubdevopsdemo/githubteamuser2/shopizer:latest
	imagepullsecrets: \|
	k8s-secret
	namespace: dev
	#DAST:
	#name: Perform DAST scan
	#runs-on: ubuntu-latest
	#needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image, Deploy]
	#steps:
	#- name: ZAP Scan
	#uses: zaproxy/[email protected]
	#with:
	#target: 'https://www.zaproxy.org/'
	Run-Test-Automation:
	name: Run Test Automation
	runs-on: ubuntu-latest
	needs: [Deploy]
	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v1
	with:
	#token: ${{ secrets.TEST_ACCESS_TOKEN }}
	token: ${{ secrets.ACCESS_TOKEN }}
	repository: "GitHubDevOpsDemo/cima-integration-test"
	event-type: invoke_test
	Run-Performance:
	name: Invoke Performance Test
	runs-on: ubuntu-latest
	# #needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image, Provision-env, Deploy, Run-Test-Automation]
	needs: [Run-Test-Automation]
	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v1
	with:
	#token: ${{ secrets.TEST_ACCESS_TOKEN }}
	token: ${{ secrets.PERF_TEST_ACCESS_TOKEN }}
	repository: "GitHubDevOpsDemo/perfTest"
	event-type: invoke_perftest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update builder_maven_slsa3.yml #10

Workflow file

Update builder_maven_slsa3.yml #10

Jobs

Run details

Workflow file for this run