Update ci-api.yaml #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration for API Suivie Physique | |
on: | |
push: | |
branches: | |
- main | |
- dev | |
pull_request: | |
branches: | |
- main | |
- dev | |
workflow_dispatch: | |
jobs: | |
compile: | |
name: Compile Suivie Physique API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup JDK 17 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
distribution: 'corretto' | |
java-version: 17 | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Compile API | |
run: | | |
cd backend | |
mvn -B clean compile | |
test: | |
name: Unit Test Suivie Physique API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup JDK 17 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
distribution: 'corretto' | |
java-version: 17 | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Run Unit Test API | |
run: | | |
cd backend | |
mvn clean test | |
secrets: | |
name: Secret Scanning for API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Secret Scanning | |
uses: trufflesecurity/trufflehog@main | |
with: | |
extra_args: --only-verified | |
sca: | |
name: Software composition analysis | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/maven-3-jdk-17@master | |
continue-on-error: true # To make sure that SARIF upload gets called | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --sarif-file-output=snyk.sarif | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: snyk.sarif | |
coverage: | |
name: Code Coverage Suivie Physique API | |
runs-on: ubuntu-latest | |
env: | |
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: DeepSource Test Coverage | |
uses: DeepSourceCorp/test-coverage-action@v1.1.2 | |
with: | |
dsn: DEEPSOURCE_DSN | |
- name: Install DeepSource CLI | |
run: | | |
curl https://deepsource.io/cli | sh | |
- name: Generate coverage report | |
run: | | |
touch ./coverage.out | |
./bin/deepsource report --analyzer test-coverage --key java --value-file ./coverage.out | |
- name: Upload coverage report as artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: coverage-report | |
path: coverage.out | |
- name: Download coverage report | |
uses: actions/download-artifact@v2 | |
with: | |
name: coverage-report | |
path: . | |
build: | |
name: Build Suivie Physique API | |
runs-on: ubuntu-latest | |
needs: [compile, test, secrets, sca, coverage] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup JDK 17 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
distribution: 'corretto' | |
java-version: 17 | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Build API | |
run: | | |
cd backend | |
mvn -B clean package -DskipTests | |
build-push-image: | |
name: Build Docker Image for Suivie Physique API | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup JDK 17 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
distribution: 'corretto' | |
java-version: 17 | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Extract API version | |
id: extract_version | |
run: | | |
cd backend | |
echo "API_VERSION=$(./mvnw -q -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Dockerhub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
- name: Build Docker Image & Push to DockerHub | |
uses: docker/build-push-action@v5 | |
with: | |
context: backend | |
file: docker/backend/Dockerfile | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
tags: dotcipher1/sp-api:latest | |
# deploy: | |
# name: Deploy Suivie Physique API | |
# runs-on: self-hosted | |
# needs: [build-push-image] | |
# steps: | |
# - name: Checkout code | |
# uses: actions/checkout@v4 | |
# | |
# - name: Setup JDK 17 | |
# uses: actions/setup-jdk@v4 | |
# with: | |
# distribution: 'corretto' | |
# java-version: 17 | |
# | |
# - name: Create deployment folder | |
# run: ssh ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_IP }} "mkdir -p ci-cd" | |
# | |
# - name: Copy deployment files | |
# run: scp docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_IP }}:ci-cd/docker-compose.yml | |
# | |
# - name: Set ENV & Deploy API | |
# run: | | |
# ssh ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_IP }} <<EOF | |
# cd ci-cd | |
# docker-compose -f docker-compose.yml pull -q | |
# docker-compose -f docker-compose.yml up -d | |
# EOF |