Skip to content

config ngxin run good with keycloak #22

config ngxin run good with keycloak

config ngxin run good with keycloak #22

Workflow file for this run

name: Customer service CI
on:
push:
branches: [ "main" ]
paths:
- "customer/**"
- ".github/workflows/actions/action.yaml"
- ".github/workflows/customer-ci.yaml"
- "pom.xml"
pull_request:
branches: [ "main" ]
paths:
- "customer/**"
- ".github/workflows/actions/action.yaml"
- ".github/workflows/customer-ci.yaml"
- "pom.xml"
workflow_dispatch:
jobs:
style:
runs-on: ubuntu-latest
name: Check style
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run maven checkstyle
run: mvn checkstyle:checkstyle -f customer
compile:
runs-on: ubuntu-latest
name: Compile project
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
cache: maven
- name: Compile project
run: mvn clean compile -f customer
unit-tests:
runs-on: ubuntu-latest
name: Unit tests
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
cache: maven
- name: Running unit tests
run: mvn test -f customer jacoco:report
build:
runs-on: ubuntu-latest
name: Build project
needs: [compile, unit-tests]
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
cache: maven
- name: Building project
run: mvn package -f customer
coverage:
runs-on: ubuntu-latest
env:
FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
permissions:
pull-requests: write
packages: write
name: Coverage and Package
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
cache: maven
- name: Building project
run: mvn package -f customer
- name: Add coverage report to PR
uses: madrapps/[email protected]
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
with:
paths: ${{github.workspace}}/customer/target/site/jacoco/jacoco.xml
token: ${{secrets.GITHUB_TOKEN}}
min-coverage-overall: 30
min-coverage-changed-files: 20
title: 'Customer Coverage Report'
update-comment: true
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
continue-on-error: false
- name: OWASP Dependency Check
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
uses: dependency-check/Dependency-Check_Action@main
env:
JAVA_HOME: /opt/jdk
with:
project: 'matcha'
path: '.'
format: 'HTML'
- name: Upload OWASP Dependency Check results
if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
uses: actions/upload-artifact@master
with:
name: OWASP Dependency Check Report
path: ${{github.workspace}}/reports
- name: Log in to the Container registry
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker images
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v6
with:
context: ./customer
push: true
file: ./customer/Dockerfile
platforms: linux/amd64
tags: ghcr.io/${{ github.repository_owner }}/matcha-customer:latest
check:
runs-on: ubuntu-latest
name: Git-leaks check
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Gitleaks check
run: |
docker pull zricethezav/gitleaks:v8.18.4
docker run --rm -v ${{ github.workspace }}:/work -w /work zricethezav/gitleaks:v8.18.4 detect --source="." --config="/work/gitleaks.toml" --verbose --no-git