Improve build.sbt

.github/scripts/dnd-sbt

@@ -0,0 +1,17 @@
+#!/bin/bash -exu
+SCRIPT_HOME="$(cd "$(dirname "$0")"; pwd)"
+COMPONENT_HOME="$(cd "${SCRIPT_HOME}/../.."; pwd)"
+
+cd "${COMPONENT_HOME}"
+
+tmp_dir=$(mktemp -d -t dnd-sbt-XXXXXXXXXX)
+cp -R . ${tmp_dir}
+
+docker run \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /usr/bin/docker:/usr/bin/docker \
+  -v ${HOME}/.docker/config.json:/root/.docker/config.json \
+  -v ${tmp_dir}:/root/ \
+  -e GITHUB_TOKEN=${GITHUB_TOKEN} \
+  sbtscala/scala-sbt:eclipse-temurin-jammy-21.0.2_13_1.9.9_2.12.19 \
+  /bin/bash -c "git config --global --add safe.directory /root; sbt ${1}"

.github/workflows/ci.yaml

@@ -1,51 +1,36 @@
 name: CI
-
 on:
   pull_request:
     paths:
-      - '**/*.scala'
-      - '**/*.sbt'
-      - '.scalafmt.conf'
-      - 'project/**'
-      - '.github/workflows/ci.yaml'
+      - .github/workflows/ci.yaml
+      - .sbtopts
+      - build.sbt
+      - .scalafmt.conf
+      - project/**
+      - src/**
+
+defaults:
+  run:
+    shell: bash
 
 env:
-  SBT_OPTS: "-Xmx2G -XX:+UseG1GC -Xss2M"
   GITHUB_TOKEN: ${{ secrets.READ_PACKAGES }}
 
 jobs:
-  lint:
-    runs-on: ubuntu-latest
-
+  code-check:
+    runs-on: self-hosted
+    container:
+      image: sbtscala/scala-sbt:eclipse-temurin-jammy-21.0.2_13_1.9.9_2.12.19
+      options: --user 1001:1001
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-      - uses: sbt/setup-sbt@v1
-        with:
-          sbt-runner-version: 1.9.9
-      - run: sbt scalafmtCheckAll
       - run: sbt headerCheckAll
-
+      - run: sbt scalafmtCheckAll
   test:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
+    container:
+      image: sbtscala/scala-sbt:eclipse-temurin-jammy-21.0.2_13_1.9.9_2.12.19
+      options: --user 1001:1001
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-      - uses: sbt/setup-sbt@v1
-        with:
-          sbt-runner-version: 1.9.9
-      - name: Run tests
-        run: sbt clean test
-
-      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-results
-          path: target/test-results
+      - run: sbt clean compile Test/compile

.github/workflows/docker-ci.yaml

@@ -1,25 +1,70 @@
 name: Docker CI
-
 on:
   pull_request:
     paths:
       - .github/workflows/docker-ci.yaml
+      - .github/scripts/**
       - build.sbt
+      - src/**
+
+env:
+  GITHUB_TOKEN: ${{ secrets.READ_PACKAGES }}
 
 jobs:
-  docker-build:
-    runs-on: ubuntu-latest
+  build-and-test:
+    name: Build & Test
+    runs-on: self-hosted
     steps:
       - uses: actions/checkout@v4
-      - uses: docker/setup-buildx-action@v3
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-      - uses: sbt/setup-sbt@v1
-        with:
-          sbt-runner-version: 1.9.9
+
       - name: Build Docker image
-        env:
-          GITHUB_TOKEN: ${{ secrets.READ_PACKAGES }}
-        run: sbt docker/Docker/publishLocal
+        run: |
+          .github/scripts/dnd-sbt Docker/publishLocal
+          IMAGE_NAME=$(.github/scripts/dnd-sbt printDockerImageName | grep DOCKER_IMAGE | cut -d= -f2)
+          echo "IMAGE=${IMAGE_NAME}" >> $GITHUB_ENV
+
+      - name: Test image - run container
+        run: |
+          CONTAINER_ID=$(docker run -d -p 50051 ${IMAGE})
+          echo "CONTAINER_ID=${CONTAINER_ID}" >> $GITHUB_ENV
+          HOST_PORT=$(docker port ${CONTAINER_ID} 50051 | cut -d':' -f2)
+          echo "HOST_PORT=${HOST_PORT}" >> $GITHUB_ENV
+          sleep 15
+
+      - name: Test image - verify service is running
+        run: |
+          nc -z localhost ${HOST_PORT}
+          if [ $? -ne 0 ]; then
+            echo "Service check failed!"
+            exit 1
+          fi
+
+      - name: Cleanup container
+        if: always()
+        run: |
+          if [ ! -z "${CONTAINER_ID}" ]; then
+            docker stop ${CONTAINER_ID}
+            docker rm ${CONTAINER_ID}
+          fi
+
+  security-scan:
+    name: Security Scan
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build Docker image
+        run: |
+          .github/scripts/dnd-sbt Docker/publishLocal
+          IMAGE_NAME=$(.github/scripts/dnd-sbt printDockerImageName | grep DOCKER_IMAGE | cut -d= -f2)
+          echo "IMAGE=${IMAGE_NAME}" >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.IMAGE }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'

.github/workflows/publish.yaml

@@ -11,50 +11,71 @@ env:
 
 jobs:
   publish-jars:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
+    container:
+      image: sbtscala/scala-sbt:eclipse-temurin-jammy-21.0.2_13_1.9.9_2.12.19
+      options: --user 1001:1001
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '21'
-    - uses: sbt/setup-sbt@v1
-      with:
-        sbt-runner-version: 1.9.9
-    - name: publish
+    - name: sbt publish
       run: sbt clean publish
   publish-docker-image:
     runs-on: self-hosted
+    outputs:
+      should_trigger_deploy: ${{ steps.should_trigger_deploy.outputs.should_trigger_deploy }}
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '21'
-    - uses: sbt/setup-sbt@v1
-      with:
-        sbt-runner-version: 1.9.9
-    - uses: docker/setup-buildx-action@v3
     - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.WRITE_PACKAGES }}
         logout: false
     - name: publish docker images
-      run: sbt docker/Docker/publish
+      run: .github/scripts/dnd-sbt Docker/publish
+    - name: set should_trigger_deploy
+      id: should_trigger_deploy
+      shell: bash
+      run: |
+        pattern='^refs/tags/v[0-9]+\.0\.0$'
+        echo "should_trigger_deploy=$([[ "$GITHUB_REF" =~ $pattern ]] && echo false || echo true)" >> $GITHUB_OUTPUT
   gh-release:
     needs: [publish-jars, publish-docker-image]
     runs-on: self-hosted
     steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
     - uses: softprops/action-gh-release@v2
       with:
         token: ${{ secrets.RAW_CI_PAT }}
         generate_release_notes: true
         draft: false
         prerelease: ${{ contains(github.ref_name, '-') }}
         tag_name: ${{ github.ref_name }}
+  trigger-deploy:
+      needs: publish-docker-image
+      if: needs.publish-docker-image.outputs.should_trigger_deploy == 'true'
+      runs-on: ubuntu-latest
+      steps:
+        - name: tag without 'v' prefix
+          id: extract_tag
+          run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+        - name: trigger mvp-deployer workflow
+          uses: peter-evans/repository-dispatch@v3
+          with:
+            token: ${{ secrets.RAW_CI_PAT }}
+            repository: raw-labs/mvp-deployer
+            event-type: das-salesforce-integration-cd
+            client-payload: |-
+              {
+                "aws_region": "eu-west-1",
+                "raw_version": "${{ steps.extract_tag.outputs.version }}",
+                "target_env": "integration",
+                "loaded_vars": "integration",
+                "deployer_version": "latest"
+              }

README.md

@@ -11,12 +11,30 @@
 
 ## How to use
 
-First you need to build the project:
+### Prerequisites
+
+You need to have [sbt](https://www.scala-sbt.org/) installed to build the project.
+
+You can install sbt using [sdkman](https://sdkman.io/):
+```bash
+$ sdk install sbt
+```
+
+### Running the server
+
+You can run the server with the following command:
 ```bash
-$ sbt "project docker" "docker:publishLocal"
+$ sbt run
 ```
 
-This will create a docker image with the name `das-excel`.
+### Docker
+
+To run the server in a docker container you need to follow these steps:
+
+First, you need to build the project:
+```bash
+$ sbt "docker:publishLocal"
+```
 
 Then you can run the image with the following command:
 ```bash