Update CICD-pipeline.yml #10
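# Build, scan, publish and deploy pipeline for the Boardgame application.
# Runs on every push to main: Maven build -> Trivy filesystem scan ->
# SonarQube analysis and quality gate -> Docker build, Trivy image scan and
# push -> kubectl apply into the webapps namespace.
name: CiCd Pipeline

on:
  push:
    branches: ["main"]

# Least privilege for the GITHUB_TOKEN handed to every step. No step in this
# workflow writes to the repository, so read access to contents is enough.
permissions:
  contents: read

jobs:
  build:
    # NOTE(review): a self-hosted runner keeps its workspace, Docker cache and
    # installed tools between jobs, and this job handles registry, SonarQube
    # and cluster credentials. Confirm the runner is dedicated to this
    # repository and is not reachable by untrusted workflows.
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: later steps run
          # third-party actions and nothing here pushes back to git.
          persist-credentials: false

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      - name: Build with Maven
        run: mvn package --file pom.xml

      # Keep the built jar as a workflow artifact.
      - uses: actions/upload-artifact@v4
        with:
          name: Boardgame
          path: target/*.jar

      # Trivy
      # Assumes the trivy CLI is already installed on the runner; no step
      # here installs it.
      # NOTE(review): trivy exits 0 by default, so this step records findings
      # but never fails the job. Add `--exit-code 1 --severity HIGH,CRITICAL`
      # once the current findings are triaged if the scan is meant to gate.
      # The report is table-formatted plain text despite the .html name.
      - name: Trivy FS Scan
        run: |
          trivy fs --format table -o trivy-fs-report.html .

      # Sonarqube
      # NOTE(review): @master is a moving branch and this step receives
      # SONAR_TOKEN. Pin to a reviewed release tag or a full commit SHA.
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      # Presumably needed by the quality gate action below; confirm.
      - name: Install jq
        run: sudo apt-get update && sudo apt-get install -y jq

      # Check the Quality Gate status.
      # NOTE(review): same moving @master ref as the scan step; pin it.
      - name: SonarQube Quality Gate check
        id: sonarqube-quality-gate-check
        uses: sonarsource/sonarqube-quality-gate-action@master
        # Force to fail step after specific time.
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      # Docker push
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Tag the image with the commit SHA as well as latest, so every pushed
      # image can be traced to the commit that produced it. GITHUB_SHA is read
      # from the environment rather than interpolated into the script.
      - name: Build Docker Image
        run: |
          docker build \
            -t ard3dk/boardgame:latest \
            -t "ard3dk/boardgame:${GITHUB_SHA}" .

      # NOTE(review): like the filesystem scan, this exits 0 whatever it
      # finds, so the push below happens regardless of the result.
      - name: Trivy Image Scan
        run: |
          trivy image --format table -o trivy-image-report.html ard3dk/boardgame:latest

      # Publish both scan reports; the original workflow wrote them to the
      # runner's workspace and never uploaded them. always() keeps the
      # reports available when an earlier step fails.
      - name: Upload Trivy reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-reports
          path: |
            trivy-fs-report.html
            trivy-image-report.html
          if-no-files-found: warn

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Push Docker Image
        run: |
          docker push ard3dk/boardgame:latest
          docker push "ard3dk/boardgame:${GITHUB_SHA}"

      # NOTE(review): this third-party action receives the cluster kubeconfig
      # through a mutable major-version tag; pin it to a full commit SHA.
      # Confirm the kubeconfig identity is scoped to the webapps namespace.
      - name: Kubectl Action
        uses: tale/kubectl-action@v1
        with:
          base64-kube-config: ${{ secrets.KUBE_CONFIG }}

      # deployment-service.yaml is not shown here. If it references the
      # :latest tag, the deployed image cannot be tied to a commit; the SHA
      # tag pushed above can be referenced instead. Confirm.
      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f deployment-service.yaml -n webapps
          kubectl get svc -n webapps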