Merge pull request #2349 from OWASP/dependabot/npm_and_yarn/src/test/… #127
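# Builds the application JAR with Maven, then builds the two desktop container
# images listed in the matrix for linux/amd64 and linux/arm64 and pushes them
# to ghcr.io. Runs on every push to master and on manual dispatch.
name: Build and Publish Desktop Containers

on:
  push:
    branches:
      - master
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN is read-only. The one job that pushes
# images requests packages: write itself, so the summary job never holds a
# token that can publish to the registry.
permissions:
  contents: read

jobs:
  build-and-publish-desktop:
    runs-on: ubuntu-latest
    # Job-level grant: packages: write is needed for the push to ghcr.io.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        container:
          - name: "webdesktop"
            dockerfile: "Dockerfile_webdesktop"
            image_name: "wrongsecrets-desktop"
          - name: "webdesktop-k8s"
            dockerfile: "Dockerfile_webdesktopk8s"
            image_name: "wrongsecrets-desktop-k8s"
    steps:
      # NOTE(review): every `uses:` below is pinned to a mutable major-version
      # tag. This job holds packages: write, so consider pinning each action
      # to a full commit SHA (e.g. `owner/action@<FULL_COMMIT_SHA>  # v5`) and
      # letting Dependabot bump the pins.
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          # No later step runs an authenticated git command, and the whole
          # workspace is the Docker build context, so do not leave the token
          # in the checkout's git configuration.
          persist-credentials: false

      - name: Set up JDK 25
        uses: actions/setup-java@v5
        with:
          java-version: "25"
          distribution: "temurin"
          cache: "maven"

      - name: Extract version from pom.xml
        id: extract-version
        run: |
          echo "Extracting version from pom.xml..."
          chmod +x ./mvnw
          VERSION=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
          # The value is written to $GITHUB_OUTPUT and later used in a file
          # path and a build arg; refuse anything empty or containing
          # characters (including newlines) outside a plain version string,
          # so it cannot add extra output lines.
          case "$VERSION" in
            "" | *[!A-Za-z0-9._-]*)
              echo "Project version from pom.xml is empty or contains unexpected characters" >&2
              exit 1
              ;;
          esac
          # Strip a trailing -SNAPSHOT for the version passed to the Docker build.
          DOCKER_VERSION=${VERSION%-SNAPSHOT}
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "docker_version=$DOCKER_VERSION" >> "$GITHUB_OUTPUT"
          echo "Detected version: $VERSION"
          echo "Docker version: $DOCKER_VERSION"

      - name: Build application
        run: ./mvnw --no-transfer-progress clean package -DskipTests

      - name: Verify JAR file was created
        # Step outputs reach the script through env rather than ${{ }}
        # interpolation, so their content is never parsed as shell source.
        env:
          PROJECT_VERSION: ${{ steps.extract-version.outputs.version }}
        run: |
          echo "Checking target directory..."
          ls -la target/
          echo "Looking for JAR files..."
          find target/ -name "*.jar" -type f
          echo "Verifying specific JAR exists..."
          JAR_FILE="target/wrongsecrets-${PROJECT_VERSION}.jar"
          if [ -f "$JAR_FILE" ]; then
            echo "✅ JAR file found: $JAR_FILE"
            ls -la "$JAR_FILE"
          else
            echo "❌ Expected JAR file not found: $JAR_FILE"
            echo "Available JAR files:"
            find target/ -name "*.jar" -type f || echo "No JAR files found"
            exit 1
          fi

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}/${{ matrix.container.image_name }}
          tags: |
            type=ref,event=branch
            type=raw,value=latest-master
            type=sha,prefix={{branch}}-

      - name: Create secret file for build
        # NOTE(review): the value is a literal committed in this workflow and
        # is handed to the image build as the `mysecret` build secret below.
        # Presumably it is an intentional dummy value for the project's
        # exercises; confirm, and never replace it with a real credential here.
        run: |
          echo "wrongsecret-3" > /tmp/mysecret.txt

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v6
        with:
          platforms: linux/amd64,linux/arm64
          context: .
          file: ${{ matrix.container.dockerfile }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            argBasedVersion=${{ steps.extract-version.outputs.docker_version }}
          secrets: |
            mysecret=/tmp/mysecret.txt
          cache-from: type=gha,scope=${{ matrix.container.name }}
          cache-to: type=gha,mode=max,scope=${{ matrix.container.name }}

      - name: Verify Docker image was built
        # This step only prints what the previous steps reported; it does not
        # pull or inspect the pushed image. The digest is the value to record
        # if consumers are to pull by digest instead of the moving tag.
        env:
          CONTAINER_NAME: ${{ matrix.container.name }}
          DOCKERFILE: ${{ matrix.container.dockerfile }}
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          echo "Verifying Docker image was built successfully..."
          echo "Container: $CONTAINER_NAME"
          echo "Dockerfile: $DOCKERFILE"
          echo "Image tags: $IMAGE_TAGS"
          echo "Image digest: $IMAGE_DIGEST"

  create-summary:
    runs-on: ubuntu-latest
    needs: build-and-publish-desktop
    # Only appends text to the step summary file; no token scope is needed.
    permissions: {}
    steps:
      - name: Create Release Summary
        env:
          REPOSITORY: ${{ github.repository }}
        run: |
          # One redirect for the whole group; the emitted lines are unchanged.
          {
            echo "## 🖥️ Desktop Containers Published"
            echo ""
            echo "**📦 Container Images Published:**"
            echo ""
            echo "- \`ghcr.io/${REPOSITORY}/wrongsecrets-desktop:latest-master\`"
            echo "- \`ghcr.io/${REPOSITORY}/wrongsecrets-desktop-k8s:latest-master\`"
            echo ""
            echo "**🐳 Try the desktop environments:**"
            echo ""
            echo "**Standard Desktop:**"
            echo "\`\`\`bash"
            echo "docker pull ghcr.io/${REPOSITORY}/wrongsecrets-desktop:latest-master"
            echo "docker run -d -p 3000:3000 ghcr.io/${REPOSITORY}/wrongsecrets-desktop:latest-master"
            echo "\`\`\`"
            echo ""
            echo "**Kubernetes Desktop:**"
            echo "\`\`\`bash"
            echo "docker pull ghcr.io/${REPOSITORY}/wrongsecrets-desktop-k8s:latest-master"
            echo "docker run -d -p 3000:3000 ghcr.io/${REPOSITORY}/wrongsecrets-desktop-k8s:latest-master"
            echo "\`\`\`"
            echo ""
            echo "Then visit: http://localhost:3000"
          } >> "$GITHUB_STEP_SUMMARY"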