88 - main
99
1010jobs :
11- conventional-commit-check :
11+ # conventional-commit-check:
12+ # runs-on: ubuntu-latest
13+ # steps:
14+ # - uses: actions/checkout@v4
15+ # with:
16+ # fetch-depth: 0
17+ # - name: Conventional commit check
18+ # uses: cocogitto/cocogitto-action@v3
19+ # build:
20+ # runs-on: ubuntu-latest
21+ # needs: conventional-commit-check
22+ # steps:
23+ # - uses: actions/checkout@v4
24+ # - uses: actions/setup-java@v4
25+ # with:
26+ # distribution: adopt
27+ # java-version: 21
28+ # check-latest: true
29+ # - name: Cached Gradle packages
30+ # uses: actions/cache@v4
31+ # with:
32+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
33+ # path: |
34+ # ~/.gradle/caches
35+ # ~/.gradle/wrapper
36+ # - run: ( ./gradlew build -x test )
37+ # name: "Executing build"
38+ # unit-test:
39+ # runs-on: ubuntu-latest
40+ # needs: build
41+ # steps:
42+ # - uses: actions/checkout@v4
43+ # - uses: actions/setup-java@v4
44+ # with:
45+ # distribution: adopt
46+ # java-version: 21
47+ # check-latest: true
48+ # - name: Cached Gradle packages
49+ # uses: actions/cache@v4
50+ # with:
51+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
52+ # path: |
53+ # ~/.gradle/caches
54+ # ~/.gradle/wrapper
55+ # - run: ( ./gradlew test )
56+ # name: "Executing tests"
57+ # - run: ( ./gradlew jacocoTestCoverageVerification )
58+ # name: "Code coverage"
59+ # mutation-test:
60+ # runs-on: ubuntu-latest
61+ # needs: build
62+ # steps:
63+ # - uses: actions/checkout@v4
64+ # - uses: actions/setup-java@v4
65+ # with:
66+ # distribution: adopt
67+ # java-version: 21
68+ # check-latest: true
69+ # - name: Cached Gradle packages
70+ # uses: actions/cache@v4
71+ # with:
72+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
73+ # path: |
74+ # ~/.gradle/caches
75+ # ~/.gradle/wrapper
76+ # - run: ( ./gradlew pitest )
77+ # name: "Executing mutation tests"
78+ # dependency-vulnerability-analysis:
79+ # runs-on: ubuntu-latest
80+ # needs: build
81+ # steps:
82+ # - uses: actions/checkout@v4
83+ # - uses: actions/setup-java@v4
84+ # with:
85+ # distribution: adopt
86+ # java-version: 21
87+ # check-latest: true
88+ # - name: Cached Gradle packages
89+ # uses: actions/cache@v4
90+ # with:
91+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
92+ # path: |
93+ # ~/.gradle/caches
94+ # ~/.gradle/wrapper
95+ # - run: ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
96+ # name: "Executing dependency vulnerability checks"
97+ # env:
98+ # NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
99+ # sast-code-snyk:
100+ # runs-on: ubuntu-latest
101+ # needs: build
102+ # steps:
103+ # - uses: actions/checkout@v4
104+ # - name: Run Snyk to static code analysis for vulnerabilities
105+ # uses: snyk/actions/maven-3-jdk-21@master
106+ # env:
107+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
108+ # with:
109+ # args: --severity-threshold=high
110+ # sast-dockerfile-trivy-hadolint:
111+ # runs-on: ubuntu-latest
112+ # needs: build
113+ # steps:
114+ # - uses: actions/checkout@v4
115+ # - uses: hadolint/[email protected] 116+ # with:
117+ # dockerfile: Dockerfile
118+ # failure-threshold: error
119+ # - name: Run Trivy vulnerability for Dockerfile
120+ # uses: aquasecurity/[email protected] 121+ # with:
122+ # scan-type: config
123+ # scan-ref: './'
124+ # exit-code: 1
125+ # severity: 'CRITICAL,HIGH'
126+ # trivy-config: ./config/trivy/trivy.yaml
127+ docker-build-push :
128+ # if: github.ref == 'refs/heads/main'
12129 runs-on : ubuntu-latest
130+ # needs:
131+ # - unit-test
132+ # - mutation-test
133+ # - dependency-vulnerability-analysis
134+ # - sast-code-snyk
135+ # - sast-dockerfile-trivy-hadolint
13136 steps :
14137 - uses : actions/checkout@v4
15138 with :
16139 fetch-depth : 0
17- - name : Conventional commit check
18- uses : cocogitto/cocogitto-action@v3
19- build :
20- runs-on : ubuntu-latest
21- needs : conventional-commit-check
22- steps :
23- - uses : actions/checkout@v4
24- - uses : actions/setup-java@v4
25- with :
26- distribution : adopt
27- java-version : 21
28- check-latest : true
29- - name : Cached Gradle packages
30- uses : actions/cache@v4
31- with :
32- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
33- path : |
34- ~/.gradle/caches
35- ~/.gradle/wrapper
36- - run : ( ./gradlew build -x test )
37- name : " Executing build"
38- unit-test :
39- runs-on : ubuntu-latest
40- needs : build
41- steps :
42- - uses : actions/checkout@v4
43- - uses : actions/setup-java@v4
44- with :
45- distribution : adopt
46- java-version : 21
47- check-latest : true
48- - name : Cached Gradle packages
49- uses : actions/cache@v4
50- with :
51- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
52- path : |
53- ~/.gradle/caches
54- ~/.gradle/wrapper
55- - run : ( ./gradlew test )
56- name : " Executing tests"
57- - run : ( ./gradlew jacocoTestCoverageVerification )
58- name : " Code coverage"
59- mutation-test :
60- runs-on : ubuntu-latest
61- needs : build
62- steps :
63- - uses : actions/checkout@v4
64- - uses : actions/setup-java@v4
65- with :
66- distribution : adopt
67- java-version : 21
68- check-latest : true
69- - name : Cached Gradle packages
70- uses : actions/cache@v4
71- with :
72- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
73- path : |
74- ~/.gradle/caches
75- ~/.gradle/wrapper
76- - run : ( ./gradlew pitest )
77- name : " Executing mutation tests"
78- dependency-vulnerability-analysis :
79- runs-on : ubuntu-latest
80- needs : build
81- steps :
82- - uses : actions/checkout@v4
83- - uses : actions/setup-java@v4
84- with :
85- distribution : adopt
86- java-version : 21
87- check-latest : true
88- - name : Cached Gradle packages
89- uses : actions/cache@v4
90- with :
91- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
92- path : |
93- ~/.gradle/caches
94- ~/.gradle/wrapper
95- - run : ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
96- name : " Executing dependency vulnerability checks"
97- env :
98- NVD_API_KEY : ${{ secrets.NVD_API_KEY }}
99- sast-code-snyk :
100- runs-on : ubuntu-latest
101- needs : build
102- steps :
103- - uses : actions/checkout@v4
104- - name : Run Snyk to static code analysis for vulnerabilities
105- uses : snyk/actions/maven-3-jdk-21@master
106- env :
107- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
108- with :
109- args : --severity-threshold=high
110- sast-dockerfile-trivy-hadolint :
111- runs-on : ubuntu-latest
112- needs : build
113- steps :
114- - uses : actions/checkout@v4
115- -
uses :
hadolint/[email protected] 116- with :
117- dockerfile : Dockerfile
118- failure-threshold : error
119- - name : Run Trivy vulnerability for Dockerfile
120- uses :
aquasecurity/[email protected] 121- with :
122- scan-type : config
123- scan-ref : ' ./'
124- exit-code : 1
125- severity : ' CRITICAL,HIGH'
126- trivy-config : ./config/trivy/trivy.yaml
127- docker-build-push :
128- if : github.ref == 'refs/heads/main'
129- runs-on : ubuntu-latest
130- needs :
131- - unit-test
132- - mutation-test
133- - dependency-vulnerability-analysis
134- - sast-code-snyk
135- - sast-dockerfile-trivy-hadolint
136- steps :
140+ - name : fetch-tags
141+ run : git fetch --tags origin
142+ shell : bash
143+ - id : bump-version
144+ uses : armakuni/github-actions/bump-version@main
145+ - name : check-bump-version-output
146+ run : |
147+ echo "version-was-bump: ${{ steps.bump-version.outputs.version-was-bump }}"
148+ echo "previous-version: ${{ steps.bump-version.outputs.previous-version }}"
149+ echo "current-version: ${{ steps.bump-version.outputs.current-version }}"
150+ shell : bash
137151 - name : Login to Docker Hub
138152 uses : docker/login-action@v3
139153 with :
@@ -145,24 +159,27 @@ jobs:
145159 id : meta
146160 uses : docker/metadata-action@v5
147161 with :
148- images : |
149- abhisheksr01/companieshouse
162+ images : abhisheksr01/companieshouse
163+ context : git
164+ flavour : |
165+ latest=true
150166 tags : |
151167 type=ref,event=branch
152168 type=ref,event=pr
153- type=semver,pattern={{version}}
154- type=semver,pattern={{major}}.{{minor}}
169+ type=semver,pattern={{version}},prefix=v,value=${{ steps.bump-version.outputs.current-version }}
155170 labels : |
156171 "org.opencontainers.image.title": "abhisheksr01/companieshouse",
157172 "org.opencontainers.image.description": "Best practices and integrations available for Spring Boot based Microservice in a single repository with companieshouse API use case.",
158173 "org.opencontainers.image.url": "https://github.com/abhisheksr01/spring-boot-microservice-best-practices",
159174 "org.opencontainers.image.source": "https://github.com/abhisheksr01/spring-boot-microservice-best-practices",
160- "org.opencontainers.image.version": "0.1.0" ,
175+ "org.opencontainers.image.version": ${{ steps.bump-version.outputs.current-version }} ,
161176 "org.opencontainers.image.created": "2020-01-10T00:30:00.000Z",
162177 "org.opencontainers.image.revision": ${{ github.sha }},
163178 "org.opencontainers.image.licenses": "MIT"
164179 - name : Build and push
165180 uses : docker/build-push-action@v6
166181 with :
167- push : true
168- tags : abhisheksr01/companieshouse:latest
182+ push : ${{ github.event_name != 'pull_request' }} # Only push on main branch
183+ tags : ${{ steps.meta.outputs.tags }}
184+ labels : ${{ steps.meta.outputs.labels }}
185+
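Review bot: The version used for the pushed tag (new line 169) and the version label (new line 175) comes from an action referenced by a moving branch ref, `armakuni/github-actions/bump-version@main`, in the same job that logs in to Docker Hub. Pinning it to a full commit SHA, `uses: armakuni/github-actions/bump-version@<full-commit-sha>`, keeps a change on that branch from altering what gets tagged and pushed. On new line 164, `flavour` is not an input of docker/metadata-action (the input is spelled `flavor`), so `latest=true` is most likely ignored with an unexpected-input warning; `flavor: |` is the fix. The comment on `push` says "Only push on main branch", but the expression only excludes pull_request events and the job-level `if: github.ref == 'refs/heads/main'` is now commented out, so either restore that guard or reword the comment. The workflow's trigger block is outside the visible lines, so which refs can reach this job could not be checked.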