.github/workflows/develop.yaml

name: Java CI with Maven

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: 17
          architecture: x64
          distribution: 'temurin'

      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Set up Maven settings.xml
        run: |
          mkdir -p ~/.m2
          echo "<settings>
                  <servers>
                    <server>
                      <id>github-webank</id>
                      <username>${{ github.actor }}</username>
                      <password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
                    </server>
                  </servers>
                </settings>" > ~/.m2/settings.xml


      - name: Build with webank Online banking
        run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true

  # 2. Test Stage
  test:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Set up Maven settings.xml
        run: |
          mkdir -p ~/.m2
          echo "<settings>
                  <servers>
                    <server>
                      <id>github-webank</id>
                      <username>${{ github.actor }}</username>
                      <password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
                    </server>
                  </servers>
                </settings>" > ~/.m2/settings.xml

      - name: Run Unit and Integration Tests
        run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true

  security-scan:
         runs-on: ubuntu-latest
         needs: build  # Ensures that the security scan runs only if the build job succeeds

         steps:
           # Step 1: Checkout code
          - name: Checkout code
            uses: actions/checkout@v4

           # Step 2: Set up Java
          - name: Set up Java 17
            uses: actions/setup-java@v4
            with:
             java-version: '17'
             distribution: 'temurin'

           # Step 3: Run OWASP Dependency-Check
          - name: Run OWASP Dependency-Check
            uses: dependency-check/Dependency-Check_Action@main
            env:
           # actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
              JAVA_HOME: /opt/jdk
            with:
             project: 'webank-onlinebanking'
             path: '.'
             format: 'HTML'
             out: 'reports'  
             args: >
              --failOnCVSS 5
            # Step 4: Upload the Dependency-Check report as an artifact
          - name: Upload Dependency Check report
            uses: actions/upload-artifact@v3
            with:
              name: Dependency-Check Report
              path: ${{ github.workspace }}/reports