chore(deps): Update gradle-wrapper.properties (#385) #187
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to Main Stage ๐ซ | |
on: | |
push: | |
branches: [ main ] | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
VERSION: ${{ github.sha }} | |
CI: CI | |
NATIVE_IMAGE_ENABLED: enabled | |
CI_GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} | |
DEPLOY_REPO: ${{ github.event.repository.name }} | |
NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
permissions: | |
# required for all workflows | |
security-events: write | |
packages: write | |
contents: write | |
issues: write | |
pull-requests: write | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
validation: | |
name: Validation ๐ | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Check Project Integrity | |
uses: ./.github/actions/analysis/check | |
build: | |
name: Build and Test ๐งช | |
needs: [ validation ] | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: ๐ CI_GITHUB_TOKEN | |
if: env.CI_GITHUB_TOKEN == '' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: echo "CI_GITHUB_TOKEN=${GITHUB_TOKEN}" >> $GITHUB_ENV | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ env.CI_GITHUB_TOKEN }} | |
- name: Install Java โ Tools & Dependencies | |
uses: ./.github/actions/install/java | |
with: | |
java-version: 21 | |
gradle-encription-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
gradle-arguments: build koverXmlReport --scan --no-daemon --stacktrace | |
github_token: ${{ env.CI_GITHUB_TOKEN }} | |
- name: Source code vulnerability scanning | |
uses: aquasecurity/[email protected] | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
severity: 'CRITICAL' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
category: source-code | |
- name: ๐ Upload coverage reports | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: build/reports/kover/report.xml | |
fail_ci_if_error: true # optional (default = false) | |
verbose: true # optional (default = false) | |
static-analysis-security: | |
name: ๐ฎ Static analysis and ๐Security Checks | |
needs: [ validation ] | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: ๐ Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Static Analysis Security | |
uses: ./.github/actions/analysis/security | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
functional: | |
name: Functional Acceptance Tests ๐ฏ | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "Running functional acceptance tests" | |
performance: | |
name: Performance Tests ๐ | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "Running performance tests" | |
security: | |
name: Security Tests ๐ค | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "Running security tests" | |
approval: | |
name: Deploy Approval ๐ซ | |
runs-on: ubuntu-latest | |
needs: [ functional, performance, security ] | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- id: get_data | |
run: | | |
echo "version=$(cat gradle.properties | grep "version =" | cut -d'=' -f2 | sed 's/^ *//;s/ *$//')" >> $GITHUB_OUTPUT | |
- name: ๐ข Generate token for approval workflow | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ secrets.APP_ID }} | |
private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
owner: ${{ github.repository_owner }} | |
- name: Wait for approval | |
uses: trstringer/manual-approval@v1 | |
timeout-minutes: 60 | |
with: | |
secret: ${{ steps.app-token.outputs.token }} # ${{ env.CI_GITHUB_TOKEN }} | |
minimum-approvals: 1 | |
approvers: nomads #${{ github.repository_owner }} | |
issue-title: '๐ Deploying ${{ steps.get_data.outputs.version }} to production' | |
issue-body: "Please approve or deny the release of ${{ github.github.repository }}. **VERSION**: ${{ steps.get_data.outputs.version }} **TAG**: ${{ github.ref_name }} **COMMIT**: ${{ github.sha }}" | |
exclude-workflow-initiator-as-approver: false | |
additional-approved-words: '' | |
additional-denied-words: '' | |
semantic-release: | |
name: Semantic Release ๐งญ | |
needs: [ approval ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ env.CI_GITHUB_TOKEN }} | |
- name: Install Java Tools & Dependencies | |
uses: ./.github/actions/install/java | |
with: | |
java-version: 21 | |
gradle-encription-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Install Tools & Dependencies | |
uses: ./.github/actions/install/node | |
- name: Run Semantic Release | |
id: semantic_release | |
run: | | |
npx semantic-release | |
env: | |
GITHUB_TOKEN: ${{ env.CI_GITHUB_TOKEN }} | |
package-backend: | |
name: Package and Publish ๐ฆ (Backend application) | |
needs: [ semantic-release ] | |
runs-on: ubuntu-latest | |
permissions: write-all | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- id: get_version | |
run: | | |
echo "version=$(cat gradle.properties | grep "version =" | cut -d'=' -f2 | sed 's/^ *//;s/ *$//')" >> $GITHUB_OUTPUT | |
- name: Build and Push Docker images for the backend application | |
uses: ./.github/actions/docker/backend | |
with: | |
deliver: true | |
docker_username: ${{ secrets.DOCKER_USERNAME }} | |
docker_password: ${{ secrets.DOCKER_PASSWORD }} | |
version: ${{ steps.get_version.outputs.version }} | |
ci_github_token: ${{ env.CI_GITHUB_TOKEN }} | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
package-frontend: | |
name: Package and Publish ๐ฆ (Frontend application) | |
needs: [ semantic-release ] | |
runs-on: ubuntu-latest | |
permissions: write-all | |
strategy: | |
matrix: | |
target: [lyra-app,lyra-landing-page] | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- id: get_version | |
run: | | |
echo "version=$(cat gradle.properties | grep "version =" | cut -d'=' -f2 | sed 's/^ *//;s/ *$//')" >> $GITHUB_OUTPUT | |
- name: ๐๏ธ Build and Push Docker images for the frontend application ${{ matrix.target }} | |
uses: ./.github/actions/docker/frontend | |
with: | |
deliver: true | |
docker_username: ${{ secrets.DOCKER_USERNAME }} | |
docker_password: ${{ secrets.DOCKER_PASSWORD }} | |
version: ${{ steps.get_version.outputs.version }} | |
ci_github_token: ${{ env.CI_GITHUB_TOKEN }} | |
target: ${{ matrix.target }} |