Skip to content

Merge pull request #153 from MediaMarktSaturn/renovate/anchore-grype-0.x #369

Merge pull request #153 from MediaMarktSaturn/renovate/anchore-grype-0.x

Merge pull request #153 from MediaMarktSaturn/renovate/anchore-grype-0.x #369

Workflow file for this run

name: Application build and test
on:
push:
paths-ignore:
- 'README.md'
- '.github/dependabot.yml'
- '.github/technolinator.yml'
env:
CDXGEN_VERSION: '9.3.2'
CDXGEN_PLUGINS_VERSION: '1.2.0'
GRYPE_VERSION: 'v0.65.1'
SBOMQS_VERSION: 'v0.0.19'
semantic_version: '19.0.5'
java_version: '20'
mvn_parameter: '-B -ntp'
image_name: 'ghcr.io/mediamarktsaturn/technolinator'
jobs:
ci:
name: Application Build
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Setup Java
uses: actions/setup-java@v3
with:
java-version: '${{ env.java_version }}'
distribution: 'temurin'
- name: Getting next release version
id: semantic
uses: cycjimmy/semantic-release-action@v3
with:
dry_run: true
semantic_version: ${{ env.semantic_version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install requirements
run: |
# cdxgen
npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION}
npm install -g @cyclonedx/cdxgen-plugins-bin@${CDXGEN_PLUGINS_VERSION}
mkdir _bin
echo $(pwd)/_bin >> $GITHUB_PATH
# grype
curl -Ls https://github.com/anchore/grype/releases/download/${GRYPE_VERSION}/grype_${GRYPE_VERSION:1}_linux_amd64.tar.gz -o grype.tar.gz
tar xf grype.tar.gz -C _bin
# sbomqs
curl -Ls https://github.com/interlynk-io/sbomqs/releases/download/${SBOMQS_VERSION}/sbomqs-linux-amd64 -o _bin/sbomqs
chmod a+x _bin/sbomqs
- name: Application Build and Test
env:
sem_ver: ${{ steps.semantic.outputs.new_release_version }}
QUARKUS_GITHUB_APP_APP_ID: 32168
QUARKUS_GITHUB_APP_WEBHOOK_SECRET: for-my-eyes-only
QUARKUS_GITHUB_APP_PRIVATE_KEY: ''
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DTRACK_APIKEY: theres-nothing-to-see-here
run: |
if [ -n "$sem_ver" ]; then
mvn ${{ env.mvn_parameter }} versions:set -DnewVersion="$sem_ver"
fi
mvn ${{ env.mvn_parameter }} clean install
VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.3.0:evaluate -Dexpression=project.version -q -DforceStdout)
echo VERSION="$VERSION" >> $GITHUB_ENV
- name: Static code analysis
if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_ANALYSIS_TOKEN }}
SONAR_HOST: ${{ secrets.SONARQUBE_HOST_URL }}
PROJECT_KEY: technolinator:main
run: |
mvn ${{ env.mvn_parameter }} org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.host.url="$SONAR_HOST" \
-Dsonar.login="$SONAR_TOKEN" \
-Dsonar.projectKey="$PROJECT_KEY" \
-Dsonar.coverage.jacoco.xmlReportPaths=target/jacoco-report/jacoco.xml
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Docker build
uses: docker/build-push-action@v4
with:
context: .
file: src/main/docker/Dockerfile
tags: ${{ env.image_name }}:${{ env.VERSION }}
load: true
build-args: |
CDXGEN_VERSION=${{ env.CDXGEN_VERSION }}
CDXGEN_PLUGINS_VERSION=${{ env.CDXGEN_PLUGINS_VERSION }}
GRYPE_VERSION=${{ env.GRYPE_VERSION }}
SBOMQS_VERSION=${{ env.SBOMQS_VERSION }}
- name: Container structure test
run: |
sudo curl -Lso /usr/local/bin/container-structure-test https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
sudo chmod a+x /usr/local/bin/container-structure-test
container-structure-test test --config src/main/docker/structure-test.yaml --image ${{ env.image_name }}:${{ env.VERSION }}
- name: Login to GHCR
uses: docker/login-action@v2
if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker push
if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null
run: |
# upload image
docker push ${{ env.image_name }}:${{ env.VERSION }}
- name: Create Release
if: github.ref == 'refs/heads/main' && steps.semantic.outputs.new_release_version != null
uses: cycjimmy/semantic-release-action@v3
with:
semantic_version: ${{ env.semantic_version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}