88 - main
99
1010jobs :
11- conventional-commit-check :
12- runs-on : ubuntu-latest
13- steps :
14- - uses : actions/checkout@v4
15- with :
16- fetch-depth : 0
17- - name : Conventional commit check
18- uses : cocogitto/cocogitto-action@v3
19- build :
20- runs-on : ubuntu-latest
21- needs : conventional-commit-check
22- steps :
23- - uses : actions/checkout@v4
24- - uses : actions/setup-java@v4
25- with :
26- distribution : adopt
27- java-version : 21
28- check-latest : true
29- - name : Cached Gradle packages
30- uses : actions/cache@v4
31- with :
32- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
33- path : |
34- ~/.gradle/caches
35- ~/.gradle/wrapper
36- run : ( ./gradlew build -x test )
37- name : " Executing build"
38- unit-test :
39- runs-on : ubuntu-latest
40- needs : build
41- steps :
42- - uses : actions/checkout@v4
43- - uses : actions/setup-java@v4
44- with :
45- distribution : adopt
46- java-version : 21
47- check-latest : true
48- - name : Cached Gradle packages
49- uses : actions/cache@v4
50- with :
51- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
52- path : |
53- ~/.gradle/caches
54- ~/.gradle/wrapper
55- run : ( ./gradlew test )
56- name : " Executing tests"
57- - run : ( ./gradlew jacocoTestCoverageVerification )
58- name : " Code coverage"
59- mutation-test :
60- runs-on : ubuntu-latest
61- needs : build
62- steps :
63- - uses : actions/checkout@v4
64- - uses : actions/setup-java@v4
65- with :
66- distribution : adopt
67- java-version : 21
68- check-latest : true
69- - name : Cached Gradle packages
70- uses : actions/cache@v4
71- with :
72- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
73- path : |
74- ~/.gradle/caches
75- ~/.gradle/wrapper
76- run : ( ./gradlew pitest )
77- name : " Executing mutation tests"
78- dependency-vulnerability-analysis :
79- runs-on : ubuntu-latest
80- needs : build
81- steps :
82- - uses : actions/checkout@v4
83- - uses : actions/setup-java@v4
84- with :
85- distribution : adopt
86- java-version : 21
87- check-latest : true
88- - name : Cached Gradle packages
89- uses : actions/cache@v4
90- with :
91- key : ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
92- path : |
93- ~/.gradle/caches
94- ~/.gradle/wrapper
95- ~/.gradle/dependency-check-data/
96- run : ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
97- name : " Executing dependency vulnerability checks"
98- env :
99- NVD_API_KEY : ${{ secrets.NVD_API_KEY }}
100- sast-code-snyk :
101- runs-on : ubuntu-latest
102- needs : build
103- steps :
104- - uses : actions/checkout@v4
105- - name : Run Snyk to static code analysis for vulnerabilities
106- uses : snyk/actions/maven-3-jdk-21@master
107- env :
108- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
109- with :
110- args : --severity-threshold=high
111- sast-dockerfile-trivy-hadolint :
112- runs-on : ubuntu-latest
113- needs : build
114- steps :
115- - uses : actions/checkout@v4
116- -
uses :
hadolint/[email protected] 117- with :
118- dockerfile : Dockerfile
119- failure-threshold : error
120- - name : Run Trivy vulnerability for Dockerfile
121- uses :
aquasecurity/[email protected] 122- with :
123- scan-type : config
124- scan-ref : ' ./'
125- exit-code : 1
126- severity : ' CRITICAL,HIGH'
127- trivy-config : ./config/trivy/trivy.yaml
11+ # conventional-commit-check:
12+ # runs-on: ubuntu-latest
13+ # steps:
14+ # - uses: actions/checkout@v4
15+ # with:
16+ # fetch-depth: 0
17+ # - name: Conventional commit check
18+ # uses: cocogitto/cocogitto-action@v3
19+ # build:
20+ # runs-on: ubuntu-latest
21+ # needs: conventional-commit-check
22+ # steps:
23+ # - uses: actions/checkout@v4
24+ # - uses: actions/setup-java@v4
25+ # with:
26+ # distribution: adopt
27+ # java-version: 21
28+ # check-latest: true
29+ # - name: Cached Gradle packages
30+ # uses: actions/cache@v4
31+ # with:
32+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
33+ # path: |
34+ # ~/.gradle/caches
35+ # ~/.gradle/wrapper
36+ # - run: ( ./gradlew build -x test )
37+ # name: "Executing build"
38+ # unit-test:
39+ # runs-on: ubuntu-latest
40+ # needs: build
41+ # steps:
42+ # - uses: actions/checkout@v4
43+ # - uses: actions/setup-java@v4
44+ # with:
45+ # distribution: adopt
46+ # java-version: 21
47+ # check-latest: true
48+ # - name: Cached Gradle packages
49+ # uses: actions/cache@v4
50+ # with:
51+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
52+ # path: |
53+ # ~/.gradle/caches
54+ # ~/.gradle/wrapper
55+ # - run: ( ./gradlew test )
56+ # name: "Executing tests"
57+ # - run: ( ./gradlew jacocoTestCoverageVerification )
58+ # name: "Code coverage"
59+ # mutation-test:
60+ # runs-on: ubuntu-latest
61+ # needs: build
62+ # steps:
63+ # - uses: actions/checkout@v4
64+ # - uses: actions/setup-java@v4
65+ # with:
66+ # distribution: adopt
67+ # java-version: 21
68+ # check-latest: true
69+ # - name: Cached Gradle packages
70+ # uses: actions/cache@v4
71+ # with:
72+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
73+ # path: |
74+ # ~/.gradle/caches
75+ # ~/.gradle/wrapper
76+ # - run: ( ./gradlew pitest )
77+ # name: "Executing mutation tests"
78+ # dependency-vulnerability-analysis:
79+ # runs-on: ubuntu-latest
80+ # needs: build
81+ # steps:
82+ # - uses: actions/checkout@v4
83+ # - uses: actions/setup-java@v4
84+ # with:
85+ # distribution: adopt
86+ # java-version: 21
87+ # check-latest: true
88+ # - name: Cached Gradle packages
89+ # uses: actions/cache@v4
90+ # with:
91+ # key: ${{ runner.os }}-v1-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
92+ # path: |
93+ # ~/.gradle/caches
94+ # ~/.gradle/wrapper
95+ # ~/.gradle/dependency-check-data/
96+ # - run: ( ./gradlew dependencyCheckAnalyze -PUseNVDKey )
97+ # name: "Executing dependency vulnerability checks"
98+ # env:
99+ # NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
100+ # sast-code-snyk:
101+ # runs-on: ubuntu-latest
102+ # needs: build
103+ # steps:
104+ # - uses: actions/checkout@v4
105+ # - name: Run Snyk to static code analysis for vulnerabilities
106+ # uses: snyk/actions/maven-3-jdk-21@master
107+ # env:
108+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
109+ # with:
110+ # args: --severity-threshold=high
111+ # sast-dockerfile-trivy-hadolint:
112+ # runs-on: ubuntu-latest
113+ # needs: build
114+ # steps:
115+ # - uses: actions/checkout@v4
116+ # - uses: hadolint/[email protected] 117+ # with:
118+ # dockerfile: Dockerfile
119+ # failure-threshold: error
120+ # - name: Run Trivy vulnerability for Dockerfile
121+ # uses: aquasecurity/[email protected] 122+ # with:
123+ # scan-type: config
124+ # scan-ref: './'
125+ # exit-code: 1
126+ # severity: 'CRITICAL,HIGH'
127+ # trivy-config: ./config/trivy/trivy.yaml
128128 docker-build-push :
129129 if : github.ref == 'refs/heads/main'
130130 runs-on : ubuntu-latest
131- needs :
132- - unit-test
133- - mutation-test
134- - dependency-vulnerability-analysis
135- - sast-code-snyk
136- - sast-dockerfile-trivy-hadolint
131+ # needs:
132+ # - unit-test
133+ # - mutation-test
134+ # - dependency-vulnerability-analysis
135+ # - sast-code-snyk
136+ # - sast-dockerfile-trivy-hadolint
137137 steps :
138138 - uses : actions/checkout@v4
139139 with :
@@ -142,12 +142,16 @@ jobs:
142142 run : git fetch --tags origin
143143 shell : bash
144144 - id : bump-version
145- uses : armakuni/github-actions/bump-version@main
145+ uses :
abhisheksr01/github-actions/[email protected] 146+ with :
147+ dry-run : true
146148 - name : check-bump-version-output
147149 run : |
148- echo "version-was-bump: ${{ steps.bump-version.outputs.version-was-bump }}"
149150 echo "previous-version: ${{ steps.bump-version.outputs.previous-version }}"
151+ echo "bump-version: ${{ steps.bump-version.outputs.bump-version }}"
150152 echo "current-version: ${{ steps.bump-version.outputs.current-version }}"
153+ echo "is-version-bumped: ${{ steps.bump-version.outputs.is-version-bumped }}"
154+ echo "is-dryrun-version-bumped: ${{ steps.bump-version.outputs.is-dryrun-version-bumped }}"
151155shell : bash
152156 - name : Login to Docker Hub
153157 uses : docker/login-action@v3
@@ -164,7 +168,7 @@ jobs:
164168 context : git
165169 tags : |
166170 type=ref,event=pr
167- type=semver,pattern={{version}},prefix=v,value=${{ steps.bump-version.outputs.current -version }}
171+ type=semver,pattern={{version}},prefix=v,value=${{ steps.bump-version.outputs.bump -version }}
168172labels : |
169173 "org.opencontainers.image.title": "abhisheksr01/companieshouse",
170174 "org.opencontainers.image.description": "Best practices and integrations available for Spring Boot based Microservice in a single repository with companieshouse API use case.",
@@ -177,7 +181,7 @@ jobs:
177181name : Build and push
178182 uses : docker/build-push-action@v6
179183 with :
180- push : ${{ github.event_name != 'pull_request' && steps.bump-version.outputs.version-was-bump == 'true' }} # Only push on main branch & when version is bumped
184+ push : ${{ github.event_name != 'pull_request' && steps.bump-version.outputs.is-dryrun-version-bumped == 'true' }} # Only push on main branch & when version is bumped with dryrun. We will create tags and creates separately after proper testing
181185 tags : ${{ steps.meta.outputs.tags }}
182186 labels : ${{ steps.meta.outputs.labels }}
183187 sbom : true
0 commit comments