milestone-worker.yml
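# Milestone release worker. Started manually (workflow_dispatch) with a
# "build zoo handler" payload, it sets the milestone version, builds and
# publishes through the JFrog CLI, tags the release and notifies the zoo
# handler controller. A Trivy filesystem scan runs as a separate job.
#
# NOTE(review): the third-party actions below are referenced by tag or
# branch, which the action owner can move. Pinning each `uses:` to a full
# commit SHA (tag kept in a trailing comment) makes the executed code
# immutable and reviewable.
name: Milestone Worker

on:
  workflow_dispatch:
    inputs:
      # Supplied by whoever dispatches the run; presumably read by the
      # "Extract Zoo Context Properties" step. Values derived from it are
      # treated as data (quoted) in the shell steps below.
      build-zoo-handler:
        description: 'Build Zoo Handler Payload'
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` is declared, so this job runs with the
    # repository's default GITHUB_TOKEN scopes. The "Tag Release" step
    # presumably needs `contents: write`; confirm what the action uses and
    # then declare only that.
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'liberica'
      # Artifactory server configuration comes from a repository secret.
      - uses: jfrog/setup-jfrog-cli@v3
        env:
          JF_URL: 'https://repo.spring.io'
          JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
      # The local Maven repository is restored from and saved to the shared
      # cache, keyed on the hash of all pom.xml files.
      - uses: actions/cache@v3
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-m2-
      # target deploy repos
      - name: Configure JFrog Cli
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          ARTIFACTORY_SERVER_ID: ${{ vars.JF_SERVER_ID }}
        run: |
          jfrog rt mvnc --use-wrapper \
            --server-id-resolve="$ARTIFACTORY_SERVER_ID" \
            --server-id-deploy="$ARTIFACTORY_SERVER_ID" \
            --repo-resolve-releases=libs-milestone \
            --repo-resolve-snapshots=libs-snapshot \
            --repo-deploy-releases=libs-milestone-local \
            --repo-deploy-snapshots=libs-snapshot-local
          echo JFROG_CLI_BUILD_NAME=spring-cloud-deployer-main-milestone >> "$GITHUB_ENV"
          echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> "$GITHUB_ENV"
      # zoo extract and ensure
      # NOTE(review): the `uses:` value below (and in the three later zoo
      # steps) was mangled by the hosting page's e-mail obfuscation
      # ("[email protected]"). Restore the real owner/repo@ref from the
      # repository before using this file.
      - name: Extract Zoo Context Properties
        uses: jvalkeal/[email protected]
        with:
          dispatch-handler-extract-context-properties: true
          # Fails the step when the payload did not provide this variable.
          ensure-env: |
            BUILD_ZOO_HANDLER_milestone_version
      # build and publish to configured target
      - name: Build and Publish
        run: |
          # The milestone suffix originates from the dispatch payload: keep it
          # double-quoted so it stays a single argument to Maven.
          # NOTE(review): consider rejecting values that are not a plain
          # version suffix before this point; it also ends up in the tag name.
          jfrog rt mvn build-helper:parse-version versions:set \
            -gs .github/settings.xml \
            -Pstagingmilestone \
            -DprocessAllModules=true \
            -DgenerateBackupPoms=false \
            -Dartifactory.publish.artifacts=false \
            -DnewVersion='${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.${parsedVersion.incrementalVersion}-'"${BUILD_ZOO_HANDLER_milestone_version}" \
            -B
          # The substitution is left unquoted on purpose: word splitting folds
          # the output onto one line, so exactly one entry reaches GITHUB_ENV.
          echo BUILD_ZOO_HANDLER_spring_cloud_deployer_version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) >> "$GITHUB_ENV"
          jfrog rt build-clean
          jfrog rt mvn clean install \
            -gs .github/settings.xml \
            -P-spring,stagingmilestone \
            -DskipTests -U -B -T 0.5C
          jfrog rt build-publish
          echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildname=spring-cloud-deployer-main-milestone >> "$GITHUB_ENV"
          echo BUILD_ZOO_HANDLER_spring_cloud_deployer_buildnumber=$GITHUB_RUN_NUMBER >> "$GITHUB_ENV"
      # zoo tag
      - name: Tag Release
        uses: jvalkeal/[email protected]
        with:
          tag-release-branch: ${{ env.BUILD_ZOO_HANDLER_spring_cloud_deployer_version }}
          tag-release-tag: ${{ env.BUILD_ZOO_HANDLER_spring_cloud_deployer_version }}
          tag-release-tag-prefix: v
      # zoo success
      # NOTE(review): this third-party action receives SCDF_ACCESS_TOKEN;
      # confirm the token carries only the scope needed for the notification.
      - name: Notify Build Success Zoo Handler Controller
        uses: jvalkeal/[email protected]
        with:
          dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }}
          dispatch-handler-client-payload-data: >
            {
              "event": "build-succeed"
            }
      # zoo failure
      - name: Notify Build Failure Zoo Handler Controller
        if: ${{ failure() }}
        uses: jvalkeal/[email protected]
        with:
          dispatch-handler-token: ${{ secrets.SCDF_ACCESS_TOKEN }}
          dispatch-handler-client-payload-data: >
            {
              "event": "build-failed",
              "message": "spring-cloud-deployer failed"
            }
      # clean m2 cache
      - name: Clean cache
        run: |
          # NUL-delimited hand-off so directory names containing whitespace
          # are removed as one path each.
          find ~/.m2/repository -type d -name '*SNAPSHOT' -print0 | xargs -0 rm -fr

  scan:
    runs-on: ubuntu-latest
    # Least privilege: read the sources, write code-scanning results.
    # `actions: read` is what upload-sarif needs on private repositories.
    permissions:
      contents: read
      security-events: write
      actions: read
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): `@master` is a moving branch; pin this action to a full
      # commit SHA of a reviewed release.
      # No `exit-code` is set and `build` does not depend on this job, so
      # findings are reported to code scanning but do not block publication.
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
      - name: 'Scanned'
        shell: bash
        run: echo "::info ::Scanned"

  done:
    runs-on: ubuntu-latest
    # This job only prints a line, so it gets no token permissions at all.
    permissions: {}
    needs: [scan, build]
    steps:
      - name: 'Done'
        shell: bash
        run: echo "::info ::Done"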