Skip to content
CICD Pipeline

ci(pipeline.yml): #275 use cog-bump:v0.2.0 with dryrun custom action … #67

Sign in to view logs

ci(pipeline.yml): #275 use cog-bump:v0.2.0 with dryrun custom action …

ci(pipeline.yml): #275 use cog-bump:v0.2.0 with dryrun custom action … #67

Workflow file for this run

.github/workflows/pipeline.yml at ac16c6f
name: CICD Pipeline
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
# conventional-commit-check:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - name: Conventional commit check
# uses: cocogitto/cocogitto-action@v3
# build:
# runs-on: ubuntu-latest
# needs: conventional-commit-check
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-java@v4
# with:
# distribution: adopt
# java-version: 21
# check-latest: true
# - name: Cached Gradle packages
# uses: actions/cache@v4
# with:
# key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
# path: |
# ~/.gradle/caches
# ~/.gradle/wrapper
# - run: ( ./gradlew build -x test )
# name: "Executing build"
# unit-test:
# runs-on: ubuntu-latest
# needs: build
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-java@v4
# with:
# distribution: adopt
# java-version: 21
# check-latest: true
# - name: Cached Gradle packages
# uses: actions/cache@v4
# with:
# key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
# path: |
# ~/.gradle/caches
# ~/.gradle/wrapper
# - run: ( ./gradlew test )
# name: "Executing tests"
# - run: ( ./gradlew jacocoTestCoverageVerification )
# name: "Code coverage"
# mutation-test:
# runs-on: ubuntu-latest
# needs: build
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-java@v4
# with:
# distribution: adopt
# java-version: 21
# check-latest: true
# - name: Cached Gradle packages
# uses: actions/cache@v4
# with:
# key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
# path: |
# ~/.gradle/caches
# ~/.gradle/wrapper
# - run: ( ./gradlew pitest )
# name: "Executing mutation tests"
# dependency-vulnerability-analysis:
# runs-on: ubuntu-latest
# needs: build
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-java@v4
# with:
# distribution: adopt
# java-version: 21
# check-latest: true
# - name: Cached Gradle packages
# uses: actions/cache@v4
# with:
# key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
# path: |
# ~/.gradle/caches
# ~/.gradle/wrapper
# ~/.gradle/dependency-check-data/
# - run: ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
# name: "Executing dependency vulnerability checks"
# env:
# NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
# sast-code-snyk:
# runs-on: ubuntu-latest
# needs: build
# steps:
# - uses: actions/checkout@v4
# - name: Run Snyk to static code analysis for vulnerabilities
# uses: snyk/actions/maven-3-jdk-21@master
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# args: --severity-threshold=high
# sast-dockerfile-trivy-hadolint:
# runs-on: ubuntu-latest
# needs: build
# steps:
# - uses: actions/checkout@v4
# - uses: hadolint/[email protected]
# with:
# dockerfile: Dockerfile
# failure-threshold: error
# - name: Run Trivy vulnerability for Dockerfile
# uses: aquasecurity/[email protected]
# with:
# scan-type: config
# scan-ref: './'
# exit-code: 1
# severity: 'CRITICAL,HIGH'
# trivy-config: ./config/trivy/trivy.yaml
docker-build-push:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# needs:
# - unit-test
# - mutation-test
# - dependency-vulnerability-analysis
# - sast-code-snyk
# - sast-dockerfile-trivy-hadolint
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: fetch-tags
run: git fetch --tags origin
shell: bash
- id: bump-version
uses: abhisheksr01/github-actions/[email protected]
with:
dry-run: true
- name: check-bump-version-output
run: |
echo "previous-version: ${{ steps.bump-version.outputs.previous-version }}"
echo "bump-version: ${{ steps.bump-version.outputs.bump-version }}"
echo "current-version: ${{ steps.bump-version.outputs.current-version }}"
echo "is-version-bumped: ${{ steps.bump-version.outputs.is-version-bumped }}"
echo "is-dryrun-version-bumped: ${{ steps.bump-version.outputs.is-dryrun-version-bumped }}"
shell: bash
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: abhisheksr01/companieshouse
context: git
tags: |
type=ref,event=pr
type=semver,pattern={{version}},prefix=v,value=${{ steps.bump-version.outputs.bump-version }}
labels: |
"org.opencontainers.image.title": "abhisheksr01/companieshouse",
"org.opencontainers.image.description": "Best practices and integrations available for Spring Boot based Microservice in a single repository with companieshouse API use case.",
"org.opencontainers.image.url": "https://github.com/abhisheksr01/spring-boot-microservice-best-practices",
"org.opencontainers.image.source": "https://github.com/abhisheksr01/spring-boot-microservice-best-practices",
"org.opencontainers.image.version": ${{ steps.bump-version.outputs.current-version }},
"org.opencontainers.image.created": "2020-01-10T00:30:00.000Z",
"org.opencontainers.image.revision": ${{ github.sha }},
"org.opencontainers.image.licenses": "MIT"
- name: Build and push
uses: docker/build-push-action@v6
with:
push: ${{ github.event_name != 'pull_request' && steps.bump-version.outputs.is-dryrun-version-bumped == 'true' }} # Only push on main branch & when version is bumped with dryrun. We will create tags and creates separately after proper testing
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
sbom: true
provenance: true