Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updating dev-email-worker.yml #430

Merged
merged 6 commits into from
Jun 16, 2023
Merged

updating dev-email-worker.yml #430

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
95505cb
modifying the entire workflow and replacing build-image job and trivy…
Jun 15, 2023
ad91229
modifying the entire workflow and replacing build-image job and trivy…
Jun 16, 2023
5afcf36
modifying the entire workflow and replacing build-image job and trivy…
Jun 16, 2023
fb7b68e
changed app-version job
Jun 16, 2023
83ab57b
updated both get-version and build-image jobs to pass project version
Jun 16, 2023
fc50546
changed output definition
Jun 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 70 additions & 9 deletions .github/workflows/dev-email-worker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ on:
branches:
- main

jobs:
jobs:
unit-test:
uses: SierraSystems/reusable-workflows/.github/workflows/java-unit-tests.yml@main
rshourou marked this conversation as resolved.
Show resolved Hide resolved
with:
Expand All @@ -21,15 +21,76 @@ jobs:
nexus_url: ${{ secrets.NEXUS_URL }}

app-version:
uses: SierraSystems/reusable-workflows/.github/workflows/java-maven-app-version.yml@main
with:
working_directory: "src/dps-email-worker"
name: Get the app-version from the POM file
runs-on: ubuntu-latest
outputs:
app-version: ${{ steps.get-version.outputs.app-version }}
defaults:
run:
working-directory: "src/dps-email-worker"

steps:
- uses: actions/checkout@v2

- name: "Set up JDK 8"
uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: 8

# Runs build steps
- name: Maven Package
run: mvn -ntp clean package

build-image:
- name: Get Java Project Version
id: get-version
run: |
_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "{app-version}=$_version" >> $GITHUB_OUTPUT
echo $_version

build-scan-image:
needs:
- unit-test
- app-version
uses: SierraSystems/reusable-workflows/.github/workflows/docker-build-image.yml@main
with:
app_name: "dps-email-worker"
working_directory: .
name: Build & Scan Image
runs-on: ubuntu-latest
defaults:
run:
working-directory: "."
rshourou marked this conversation as resolved.
Show resolved Hide resolved

steps:
- name: Checkout code
uses: actions/checkout@v2

#Build image for scanning
- name: Build from Dockerfile
id: build-image
uses: docker/build-push-action@v2
with:
push: false
tags: "dev-email-worker:latest"
context: "."
file: "./Dockerfile"
build-args: |
APP_NAME="dps-email-worker"
APP_VERSION= ${{ needs.app-version.outputs.app-version }}

#Run Vulnerability Scan usinig Trivy scanner
- name: Run Trivy vulnerability scanner for dev-email-worker
uses: aquasecurity/trivy-action@master
with:
scan-type: image
image-ref: "dev-email-worker:${{ needs.app-version.outputs.app-version }}"
format: sarif
output: trivy-results.sarif
exit-code: 1
ignore-unfixed: true
severity: HIGH,CRITICAL

#Upload results to the Github security tab.
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: trivy-results.sarif