Skip to content

Update maven.yml #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sen-arindam-pwc wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Update maven.yml #21

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
980954b
Update maven.yml
sen-arindam-pwc Apr 25, 2021
b276306
Update maven.yml
sen-arindam-pwc Apr 25, 2021
0e90f31
Update maven.yml
sen-arindam-pwc Apr 25, 2021
65e8640
Update maven.yml
sen-arindam-pwc Apr 25, 2021
284ba17
Update maven.yml
sen-arindam-pwc Apr 25, 2021
7413f6f
Update maven.yml
sen-arindam-pwc Apr 25, 2021
c98fe89
Update maven.yml
sen-arindam-pwc Apr 25, 2021
4321cc7
Update maven.yml
sen-arindam-pwc Apr 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
238 changes: 16 additions & 222 deletions .github/workflows/maven.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,226 +10,20 @@ on:
branches: [ master ]

jobs:
secret-scan:
name: Repo Secret Scan
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v2
- uses: max/secret-scan@master

analyze:
name: Analyze Source Code
runs-on: ubuntu-latest
needs: [secret-scan]
steps:
- name: Checkout repository
uses: actions/checkout@v2

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: javascript

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

analyze_dockerfile:
name: Analyze Dockerfile
runs-on: ubuntu-latest
needs: [secret-scan]
continue-on-error: true
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Dockerfile validation - Docker Hadolint Linter
run: docker run --rm -i hadolint/hadolint < sm-shop/Dockerfile


build:
name: Build Code
runs-on: ubuntu-latest
needs: [secret-scan, analyze, analyze_dockerfile]
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Cache the Maven packages to speed up build
uses: actions/cache@v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file pom.xml

publish-job:
name: Package Code as war
runs-on: ubuntu-latest
#defaults:
# #run:
# #shell: bash
# #working-directory: build
needs: [secret-scan, analyze, analyze_dockerfile, build]
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: 1.8
- uses: actions/cache@v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
#- run: pwd
#- run: ls -lart
#- run: mvn -B package --file /build/pom.xml -DskipTests
- run: mvn -B package --file ${GITHUB_WORKSPACE}/pom.xml -DskipTests
- run: mkdir staging && cp ${GITHUB_WORKSPACE}/sm-shop/target/*.war staging
- uses: actions/upload-artifact@v1
with:
name: Shopizer-Package
path: staging

containerize_n_push_to_registry:
name: Build Docker image and push to GitHub Container Registry
runs-on: ubuntu-latest
needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job]
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Download built artifact
#uses: actions/download-artifact@master
uses: actions/download-artifact@v1
with:
name: Shopizer-Package
#path: staging
- name: Move the artifact to target
run: |
pwd
ls -lart
mkdir -p ${GITHUB_WORKSPACE}/sm-shop/target
mv ${GITHUB_WORKSPACE}/Shopizer-Package/ROOT.war ${GITHUB_WORKSPACE}/sm-shop/target
#docker build -t de.rieckpil.blog/github-actions-sample github-actions-java-maven
- name: Push to GitHub Packages
uses: docker/build-push-action@v1
with:
username: ${{ secrets.CR_Username }}
password: ${{ secrets.CR_Password }}
registry: ghcr.io
#repository: githubteamuser2/shopizer
repository: githubdevopsdemo/githubteamuser2/shopizer
#tags: ${{ github.sha }}
tags: latest
path: sm-shop/
#dockerfile: Dockerfile
file: sm-shop/Dockerfile

scan-image:
name: Scan Docker Image
runs-on: ubuntu-latest
needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry]
steps:
- name: Login to Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.CR_Username }}
password: ${{ secrets.CR_Password }}
- name: Scan Docker Image
uses: anchore/scan-action@v2
id: scan
with:
image: "ghcr.io/githubdevopsdemo/githubteamuser2/shopizer:latest"
acs-report-enable: true
fail-build: false
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Inspect SARIF Report
run: cat ${{ steps.scan.outputs.sarif }}

# Provision-env:
# name: Provision QA Environment
# runs-on: ubuntu-latest
# needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image]
# steps:
# - name: Provision QA Environment
# uses: actions/checkout@v2

Deploy:
name: Deploy shopizer image to AKS cluster dev namespace
runs-on: ubuntu-latest
needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image] #, Provision-env]
steps:
- name: Check out the repo
uses: actions/checkout@v2

# Set the target AKS cluster.
- uses: Azure/aks-set-context@v1
with:
creds: '${{ secrets.AZURE_CREDENTIALS }}'
#Updated the AKS cluster with JK's account

#cluster-name: github_shopizer
#resource-group: RG_Shopizer_AKS
cluster-name: shopizer
resource-group: ICICI_demo


# Set the image secret
- uses: Azure/k8s-create-secret@v1
with:
container-registry-url: ghcr.io
container-registry-username: ${{ secrets.CR_Username }}
container-registry-password: ${{ secrets.CR_Password }}
secret-name: k8s-secret
namespace: dev

# Deploy
- uses: Azure/k8s-deploy@v1
with:
manifests: |
shopizer.yaml
shopizer-service.yaml
images: |
ghcr.io/githubdevopsdemo/githubteamuser2/shopizer:latest
imagepullsecrets: |
k8s-secret
namespace: dev

#DAST:
#name: Perform DAST scan
#runs-on: ubuntu-latest
#needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image, Deploy]
#steps:
#- name: ZAP Scan
#uses: zaproxy/action-full-scan@v0.2.0
#with:
#target: 'https://www.zaproxy.org/'

Run-Test-Automation:
name: Run Test Automation
Run-Test-Automation:
name: Run automated Test from Integration_test reporsitory on Saucelabs
runs-on: ubuntu-latest
needs: [secret-scan]
steps:
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v1
with:
token: ${{ secrets.TEST_ACCESS_TOKEN }}
repository: "githubteamuser1/cima-integration-test"
event-type: invoke-test
#client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'

Run-Performance:
name: Invoke Performance Test
runs-on: ubuntu-latest
#needs: [secret-scan, analyze, analyze_dockerfile, build, publish-job, containerize_n_push_to_registry, scan-image, Provision-env, Deploy, Run-Test-Automation]
needs: [secret-scan, Run-Test-Automation]
steps:
- name: Invoke Performance Test
uses: actions/checkout@v2
#needs: [Deploy]
steps :
- name: Repository Dispatch
#run: curl -X POST -u "${{ secrets.ACCESS_TOKEN }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/GitHubDevOpsDemo/Shopizer/dispatches --data '{"event_type": "invoke_test"}'
run: |
curl \
-X POST \
https://api.github.com/repos/GitHubDevOpsDemo/Shopizer/dispatches \
-H "Accept: application/vnd.github.v3+json" \
-H "Content-Type: application/json" \
-u ${{ secrets.ACCESS_TOKEN }} \
--data '{"event_type": "invoke_test", "client_payload": { "repository": "'"https://github.com/GitHubDevOpsDemo/cima-integration-test"'" }}'
## https://api.github.com/repos/githubteamsuser1/cima-integration-test/dispatches \
# --data '{"event_type":"invoke-test"}'