add order ci (#27) #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Order service CI | |
on: | |
push: | |
branches: [ "main" ] | |
paths: | |
- "order/**" | |
- ".github/workflows/actions/action.yaml" | |
- ".github/workflows/order-ci.yaml" | |
- "pom.xml" | |
pull_request: | |
branches: [ "main" ] | |
paths: | |
- "order/**" | |
- ".github/workflows/actions/action.yaml" | |
- ".github/workflows/order-ci.yaml" | |
- "pom.xml" | |
workflow_dispatch: | |
jobs: | |
style: | |
runs-on: ubuntu-latest | |
name: Check style | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Run maven checkstyle | |
run: mvn checkstyle:checkstyle -f order | |
compile: | |
runs-on: ubuntu-latest | |
name: Compile project | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'adopt' | |
cache: maven | |
- name: Compile project | |
run: mvn clean compile -f order | |
unit-tests: | |
runs-on: ubuntu-latest | |
name: Unit tests | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'adopt' | |
cache: maven | |
- name: Running unit tests | |
run: mvn test -f order jacoco:report | |
build: | |
runs-on: ubuntu-latest | |
name: Build project | |
needs: [compile, unit-tests] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'adopt' | |
cache: maven | |
- name: Building project | |
run: mvn package -f order | |
coverage: | |
runs-on: ubuntu-latest | |
env: | |
FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }} | |
permissions: | |
pull-requests: write | |
packages: write | |
name: Coverage and Package | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'adopt' | |
cache: maven | |
- name: Building project | |
run: mvn package -f inventory | |
- name: Add coverage report to PR | |
uses: madrapps/[email protected] | |
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }} | |
with: | |
paths: ${{github.workspace}}/order/target/site/jacoco/jacoco.xml | |
token: ${{secrets.GITHUB_TOKEN}} | |
min-coverage-overall: 30 | |
min-coverage-changed-files: 20 | |
title: 'Order Coverage Report' | |
update-comment: true | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
continue-on-error: false | |
- name: OWASP Dependency Check | |
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }} | |
uses: dependency-check/Dependency-Check_Action@main | |
env: | |
JAVA_HOME: /opt/jdk | |
with: | |
project: 'matcha' | |
path: '.' | |
format: 'HTML' | |
- name: Upload OWASP Dependency Check results | |
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }} | |
uses: actions/upload-artifact@master | |
with: | |
name: OWASP Dependency Check Report | |
path: ${{github.workspace}}/reports | |
- name: Log in to the Container registry | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker images | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./order | |
push: true | |
file: ./order/Dockerfile | |
platforms: linux/amd64 | |
tags: ghcr.io/${{ github.repository_owner }}/matcha-order:latest | |
check: | |
runs-on: ubuntu-latest | |
name: Git-leaks check | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Gitleaks check | |
run: | | |
docker pull zricethezav/gitleaks:v8.18.4 | |
docker run --rm -v ${{ github.workspace }}:/work -w /work zricethezav/gitleaks:v8.18.4 detect --source="." --config="/work/gitleaks.toml" --verbose --no-git |