-
Notifications
You must be signed in to change notification settings - Fork 0
94 lines (86 loc) · 2.95 KB
/
frontend-maven-node-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: Compliance check and build test
env:
JAVA_VERSION: 17
ENABLE_NODE: true
NODE_VERSION: 20
APP_PATH: "/sps-frontend" # example "/backend" for monorepos or "" for multi repos
TZ: Europe/Berlin # timezone
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
on: # defining on which triggers this action should run
push:
branches:
# define on push of which branches should this action be run
paths:
- "sps-frontend/**" # define the concrete paths on which a change triggers this action, e.g. backend/**
- ".github/workflows/**"
pull_request: # trigger this action also on Pull Requests
types: [ opened, reopened ]
jobs:
compliance:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Advance Security Policy as Code
uses: advanced-security/policy-as-code@v2.7.1
with:
policy: it-at-m/policy-as-code
policy-path: default.yaml
token: ${{ secrets.GITHUB_TOKEN }}
argvs: "--disable-dependabot --disable-secret-scanning --disable-code-scanning --display"
build-maven:
needs: compliance
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: "temurin"
cache: "maven"
cache-dependency-path: ".${{env.APP_PATH}}/pom.xml"
- name: Set up Node.js
if: ${{ env.ENABLE_NODE == 'true' }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: "npm"
cache-dependency-path: ".${{env.APP_PATH}}/**/package-lock.json"
- name: Build with Maven
run: mvn --update-snapshots -f .${{env.APP_PATH}}/pom.xml install
- name: 'Upload Artifact'
uses: actions/upload-artifact@v4
with:
name: target
path: "**/target"
retention-days: 5
build-image:
needs: build-maven
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download a single artifact
uses: actions/download-artifact@v4
with:
name: target
- name: Login to Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.APP_PATH }}
- name: Build and push image
uses: docker/build-push-action@v4
with:
context: .${{ env.APP_PATH }}
push: true
tags: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.APP_PATH }}