This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin #541
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Project CI | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| - '*/*' | |
| - '**' | |
| tags-ignore: | |
| - '**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| validate: | |
| name: Validate Code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| cache: "maven" | |
| - name: Code Validation | |
| run: mvn -B validate --file pom.xml | |
| - name: Archive CycloneDX | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: cyclone | |
| path: target/bom.json | |
| retention-days: 5 | |
| - name: Code Compilation | |
| run: mvn -B clean compile --file pom.xml | |
| - name: Checkstyle | |
| run: mvn -B checkstyle:checkstyle -Dcheckstyle.skip=false --file pom.xml | |
| - name: Use Checkstyle report | |
| uses: jwgmeligmeyling/checkstyle-github-action@master | |
| with: | |
| path: '**/checkstyle-result.xml' | |
| test: | |
| name: Test Code | |
| runs-on: ubuntu-latest | |
| needs: | |
| - validate | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| cache: "maven" | |
| - name: Unit Tests | |
| run: mvn -B test --file pom.xml | |
| - name: Integration Tests | |
| run: mvn -B verify -P integration-test --file pom.xml | |
| artifact: | |
| name: Build artifact | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v3 | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| cache: 'maven' | |
| server-id: 'github' | |
| settings-path: ${{ github.workspace }} | |
| - name: Generate Artifact | |
| run: mvn -B clean package -DskipTests -Dtests.skip=true -Dskip.unit.tests=true --file pom.xml | |
| - name: Publish Spring | |
| run: mvn -B source:jar javadoc:jar deploy --file pom.xml -s $GITHUB_WORKSPACE/settings.xml | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Saving artifact | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: service | |
| path: target/simple-webflux*.jar | |
| retention-days: 1 | |
| push_to_registry: | |
| name: Push Docker image | |
| runs-on: ubuntu-latest | |
| needs: | |
| - artifact | |
| if: startsWith(github.ref_name,'v') | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v3 | |
| - name: Getting artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: service | |
| path: ./ | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Image Scan | |
| uses: aquasecurity/[email protected] | |
| continue-on-error: true | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }} | |
| ignore-unfixed: true | |
| severity: CRITICAL | |
| format: 'sarif' | |
| output: 'docker-result.sarif' | |
| - name: Upload Security results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| continue-on-error: true | |
| with: | |
| sarif_file: "docker-result.sarif" |