Merge branch 'main' into renovate/anchore-grype-0.x #368
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Application build and test | |
| on: | |
| push: | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/dependabot.yml' | |
| - '.github/technolinator.yml' | |
| env: | |
| CDXGEN_VERSION: '9.3.2' | |
| CDXGEN_PLUGINS_VERSION: '1.2.0' | |
| GRYPE_VERSION: 'v0.65.1' | |
| SBOMQS_VERSION: 'v0.0.19' | |
| semantic_version: '19.0.5' | |
| java_version: '20' | |
| mvn_parameter: '-B -ntp' | |
| image_name: 'ghcr.io/mediamarktsaturn/technolinator' | |
| jobs: | |
| ci: | |
| name: Application Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Setup Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '${{ env.java_version }}' | |
| distribution: 'temurin' | |
| - name: Getting next release version | |
| id: semantic | |
| uses: cycjimmy/semantic-release-action@v3 | |
| with: | |
| dry_run: true | |
| semantic_version: ${{ env.semantic_version }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install requirements | |
| run: | | |
| # cdxgen | |
| npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} | |
| npm install -g @cyclonedx/cdxgen-plugins-bin@${CDXGEN_PLUGINS_VERSION} | |
| mkdir _bin | |
| echo $(pwd)/_bin >> $GITHUB_PATH | |
| # grype | |
| curl -Ls https://github.com/anchore/grype/releases/download/${GRYPE_VERSION}/grype_${GRYPE_VERSION:1}_linux_amd64.tar.gz -o grype.tar.gz | |
| tar xf grype.tar.gz -C _bin | |
| # sbomqs | |
| curl -Ls https://github.com/interlynk-io/sbomqs/releases/download/${SBOMQS_VERSION}/sbomqs-linux-amd64 -o _bin/sbomqs | |
| chmod a+x _bin/sbomqs | |
| - name: Application Build and Test | |
| env: | |
| sem_ver: ${{ steps.semantic.outputs.new_release_version }} | |
| QUARKUS_GITHUB_APP_APP_ID: 32168 | |
| QUARKUS_GITHUB_APP_WEBHOOK_SECRET: for-my-eyes-only | |
| QUARKUS_GITHUB_APP_PRIVATE_KEY: '' | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| DTRACK_APIKEY: theres-nothing-to-see-here | |
| run: | | |
| if [ -n "$sem_ver" ]; then | |
| mvn ${{ env.mvn_parameter }} versions:set -DnewVersion="$sem_ver" | |
| fi | |
| mvn ${{ env.mvn_parameter }} clean install | |
| VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.3.0:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo VERSION="$VERSION" >> $GITHUB_ENV | |
| - name: Static code analysis | |
| if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONARQUBE_ANALYSIS_TOKEN }} | |
| SONAR_HOST: ${{ secrets.SONARQUBE_HOST_URL }} | |
| PROJECT_KEY: technolinator:main | |
| run: | | |
| mvn ${{ env.mvn_parameter }} org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dsonar.host.url="$SONAR_HOST" \ | |
| -Dsonar.login="$SONAR_TOKEN" \ | |
| -Dsonar.projectKey="$PROJECT_KEY" \ | |
| -Dsonar.coverage.jacoco.xmlReportPaths=target/jacoco-report/jacoco.xml | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Docker build | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: src/main/docker/Dockerfile | |
| tags: ${{ env.image_name }}:${{ env.VERSION }} | |
| load: true | |
| build-args: | | |
| CDXGEN_VERSION=${{ env.CDXGEN_VERSION }} | |
| CDXGEN_PLUGINS_VERSION=${{ env.CDXGEN_PLUGINS_VERSION }} | |
| GRYPE_VERSION=${{ env.GRYPE_VERSION }} | |
| SBOMQS_VERSION=${{ env.SBOMQS_VERSION }} | |
| - name: Container structure test | |
| run: | | |
| sudo curl -Lso /usr/local/bin/container-structure-test https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 | |
| sudo chmod a+x /usr/local/bin/container-structure-test | |
| container-structure-test test --config src/main/docker/structure-test.yaml --image ${{ env.image_name }}:${{ env.VERSION }} | |
| - name: Login to GHCR | |
| uses: docker/login-action@v2 | |
| if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker push | |
| if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null | |
| run: | | |
| # upload image | |
| docker push ${{ env.image_name }}:${{ env.VERSION }} | |
| - name: Create Release | |
| if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null | |
| uses: cycjimmy/semantic-release-action@v3 | |
| with: | |
| semantic_version: ${{ env.semantic_version }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |