order-ci.yaml

name: order service ci

on:
  push:
    branches: ["main"]
    paths:
      - "order/**"
      - ".github/workflows/actions/action.yaml"
      - ".github/workflows/order-ci.yaml"
      - "pom.xml"
  pull_request:
    branches: ["main"]
    paths:
      - "order/**"
      - ".github/workflows/actions/action.yaml"
      - ".github/workflows/order-ci.yaml"
      - "pom.xml"
  workflow_dispatch:

jobs:
  Build:
    runs-on: ubuntu-latest
    env:
      FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - uses: ./.github/workflows/actions
      - name: Run Maven Checkstyle
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        run: mvn checkstyle:checkstyle -pl order -am -Dcheckstyle.output.file=order-checkstyle-result.xml
      - name: Upload Checkstyle Result
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        uses: jwgmeligmeyling/checkstyle-github-action@master
        with:
          path: '**/order-checkstyle-result.xml'
      - name: Run Maven Verify
        run: mvn clean verify -f order
      - name: Test Results
        uses: dorny/test-reporter@v1
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && (success() || failure()) }}
        with:
          name: Order-Service-Unit-Test-Results
          path: "order/**/*-reports/TEST*.xml"
          reporter: java-junit
      - name: Analyze with sonar cloud
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -f order
      - name: OWASP Dependency Check
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        uses: dependency-check/Dependency-Check_Action@main
        env:
          JAVA_HOME: /opt/jdk
        with:
          project: 'yas'
          path: '.'
          format: 'HTML'
      - name: Upload OWASP Dependency Check results
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        uses: actions/upload-artifact@master
        with:
          name: OWASP Dependency Check Report
          path: ${{github.workspace}}/reports
      - name: Add coverage report to PR
        uses: madrapps/jacoco-report@v1.6.1
        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
        with:
          paths: ${{github.workspace}}/order/target/site/jacoco/jacoco.xml
          token: ${{secrets.GITHUB_TOKEN}}
          min-coverage-overall: 80
          min-coverage-changed-files: 60
          title: 'Order Coverage Report'
          update-comment: true
      - name: Log in to the Container registry
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker images
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: docker/build-push-action@v6
        with:
          context: ./order
          push: true
          tags: ghcr.io/nashtech-garage/yas-order:latest