Revise lab documentation to enhance clarity on environment snapshots … #26
---
# CI/CD pipeline for the application: triggered by every push and by manual dispatch.
name: Main workflow
on:
  - push
  - workflow_dispatch

# Workflow-level environment: every step of every job below inherits these values.
env:
  # Registry credentials: the actor's login plus the automatically issued job token.
  # NOTE(review): declared at workflow scope, so the token is also visible to the
  # build container, the ci/*.sh scripts and all third-party actions. Presumably only
  # the image push needs it; consider moving both values to that step (confirm first
  # which ci/ scripts read them).
  docker_username: ${{ github.actor }}
  docker_password: ${{ secrets.GITHUB_TOKEN }}
  # Build metadata derived from the GitHub context.
  APP_NAME: ${{ github.event.repository.name }}
  BUILD_NUMBER: ${{ github.run_number }}
  GIT_REPO: ${{ github.repository }}
  GIT_REPO_URL: ${{ github.event.repository.clone_url }}
  GIT_BRANCH: ${{ github.ref_name }}
  GIT_COMMIT: ${{ github.sha }}
  # Image name without registry host or tag; the jobs prefix it with ghcr.io/.
  IMAGE: "${{ github.repository_owner }}/${{ github.event.repository.name }}"
  # Links back to this run and to the commit being built.
  BUILD_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
  COMMIT_URL: "${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}"
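jobs:
  # Build: checks out the repository inside a Gradle container, builds and unit-tests
  # the application, then publishes the whole workspace as the "code" artifact that
  # the downstream jobs download.
  Build:
    runs-on: ubuntu-latest
    # NOTE(review): mutable image tag; pinning by digest would make builds reproducible.
    container: gradle:6-jdk11
    steps:
      - name: Clone down repository
        uses: actions/checkout@v4
        with:
          # By default checkout stores the job token in the local git configuration.
          # The upload step below ships the full workspace including hidden files
          # (so .git as well), which would put that token into a downloadable
          # artifact. Keep the credential out of the working tree.
          persist-credentials: false
      - name: Build application
        run: bash ci/build-app.sh
      - name: Test
        run: bash ci/unit-test-app.sh
      - name: Upload repo
        uses: actions/upload-artifact@v4
        with:
          name: code
          path: .
          # Hidden files are included on purpose so dot-files and .git reach later
          # jobs; anything secret written into the workspace would be uploaded too.
          include-hidden-files: true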
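# Job "Linting": runs super-linter over the workspace produced by Build.
  Linting:
    runs-on: ubuntu-latest
    needs: [Build]
    # Least privilege for the token handed to the third-party linter below:
    # read-only access plus permission to publish commit status checks.
    permissions:
      contents: read
      packages: read
      statuses: write
    steps:
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      - name: run linting
        # NOTE(review): major-version tag is mutable; pin to a reviewed commit SHA
        # if the supply chain of this action matters for the project.
        uses: super-linter/super-linter/slim@v7
        env:
          DEFAULT_BRANCH: main
          # To report GitHub Actions status checks
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Findings are reported but never fail the job while this is true.
          DISABLE_ERRORS: true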
# Job "Docker-image": builds the container image, pushes it, and generates an SBOM.
  Docker-image:
    runs-on: ubuntu-latest
    needs:
      - Build
    # Only this job may write to the package registry.
    permissions:
      packages: write
    steps:
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      - name: build docker
        run: bash ci/build-docker.sh
      - name: push docker
        run: bash ci/push-docker.sh
      - name: Generate SBOM for the docker image
        # NOTE(review): @v0 is a mutable tag; consider pinning to a commit SHA.
        uses: anchore/sbom-action@v0
        with:
          # NOTE(review): ":latest" is a moving tag, so the SBOM may describe a
          # different image if another run pushes in between; a tag or digest
          # unique to this run would tie the SBOM to the image built above.
          image: "ghcr.io/${{ env.IMAGE }}:latest"
          format: spdx-json
          output-file: sbom.spdx.json
          # The SBOM is written to the runner only and is not stored as an
          # artifact, so it is gone once the job ends.
          upload-artifact: false
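# Job "Security-scan": scans the pushed image with Trivy for CRITICAL/HIGH findings.
  Security-scan:
    runs-on: ubuntu-latest
    needs: Docker-image
    # The scanner action is third-party code taken from a moving branch; keep the
    # job token (also exported workflow-wide as docker_password) read-only here.
    permissions:
      contents: read
    steps:
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      - name: Run Trivy vulnerability scanner
        # NOTE(review): "@master" follows whatever is on the branch at run time.
        # Pin to the full commit SHA of a reviewed release so a change upstream
        # cannot silently alter what runs in this pipeline.
        uses: aquasecurity/trivy-action@master
        with:
          # NOTE(review): ":latest" may not be the image built in this run.
          image-ref: 'ghcr.io/${{ env.IMAGE }}:latest'
          format: 'table'
          # exit-code is left at its default of 0: findings are printed but the
          # job still succeeds, so Deploy is not blocked by them. Uncomment to
          # turn the scan into a real gate.
          # exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'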
# Job "Component-test": runs the component test script once the image is pushed.
  Component-test:
    runs-on: ubuntu-latest
    needs: [Docker-image]
    steps:
      # Restore the workspace published by Build (includes the ci/ scripts).
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      - name: Execute component test
        run: bash ci/component-test.sh
# Job "Performance-test": runs the performance test script once the image is pushed.
  Performance-test:
    runs-on: ubuntu-latest
    needs: [Docker-image]
    steps:
      # Restore the workspace published by Build (includes the ci/ scripts).
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      - name: Execute performance test
        run: bash ci/performance-test.sh
# Job "Deploy": starts the application and then stops it again, after the image,
# scan, component-test and performance-test jobs have all succeeded.
  Deploy:
    runs-on: ubuntu-latest
    needs:
      - Docker-image
      - Security-scan
      - Component-test
      - Performance-test
    steps:
      - name: Download code
        uses: actions/download-artifact@v4
        with:
          name: code
          path: .
      # NOTE(review): Security-scan is listed in "needs", but it always succeeds
      # while its exit-code stays at the default, so it does not gate this job.
      - name: Deploy to production
        run: bash ci/start-application.sh
      - name: stop production environment
        run: bash ci/stop-application.sh