Skip to content

setup worflow to push docker image to ghcr #128

setup worflow to push docker image to ghcr

setup worflow to push docker image to ghcr #128

Workflow file for this run

name: Java CI with Maven
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
architecture: x64
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Build with webank Online banking
run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true
# 2. Test Stage
test:
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Run Unit and Integration Tests
run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true
security-scan:
runs-on: ubuntu-latest
needs: build # Ensures that the security scan runs only if the build job succeeds
steps:
# Step 1: Checkout code
- name: Checkout code
uses: actions/checkout@v4
# Step 2: Set up Java
- name: Set up Java 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
# Step 3: Run OWASP Dependency-Check
- name: Run OWASP Dependency-Check
uses: dependency-check/Dependency-Check_Action@main
env:
# actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
JAVA_HOME: /opt/jdk
with:
project: 'webank-onlinebanking'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--failOnCVSS 5
# Step 4: Upload the Dependency-Check report as an artifact
- name: Upload Dependency Check report
uses: actions/upload-artifact@v3
with:
name: Dependency-Check Report
path: ${{ github.workspace }}/reports
Sonarqube:
name: Build and analyze
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'zulu' # Alternative distribution options are available.
- name: Cache SonarQube packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Build and analyze
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=webank-online-banking -Dsonar.projectName='webank-online-banking'