setup worflow to push docker image to ghcr #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java CI with Maven | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
architecture: x64 | |
distribution: 'temurin' | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Build with webank Online banking | |
run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true | |
# 2. Test Stage | |
test: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Run Unit and Integration Tests | |
run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true | |
security-scan: | |
runs-on: ubuntu-latest | |
needs: build # Ensures that the security scan runs only if the build job succeeds | |
steps: | |
# Step 1: Checkout code | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# Step 2: Set up Java | |
- name: Set up Java 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
# Step 3: Run OWASP Dependency-Check | |
- name: Run OWASP Dependency-Check | |
uses: dependency-check/Dependency-Check_Action@main | |
env: | |
# actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image | |
JAVA_HOME: /opt/jdk | |
with: | |
project: 'webank-onlinebanking' | |
path: '.' | |
format: 'HTML' | |
out: 'reports' | |
args: > | |
--failOnCVSS 5 | |
# Step 4: Upload the Dependency-Check report as an artifact | |
- name: Upload Dependency Check report | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Dependency-Check Report | |
path: ${{ github.workspace }}/reports | |
Sonarqube: | |
name: Build and analyze | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: 'zulu' # Alternative distribution options are available. | |
- name: Cache SonarQube packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Build and analyze | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=webank-online-banking -Dsonar.projectName='webank-online-banking' |