apptrust flow

Krishna Manchikalapudi 2025-11-20 14:01:58 -08:00
parent 8571ca5667
commit e1cb38a3a4
6 changed files with 542 additions and 457 deletions


@ -18,6 +18,7 @@ env:
RBv2_SPEC_JSON: "rbv2-spec-info.json"
#RBV2_SIGNING_KEY: "${{secrets.RBV2_SIGNING_KEY}}" # ref https://jfrog.com/help/r/jfrog-artifactory-documentation/create-signing-keys-for-release-bundles-v2
DEFAULT_WORKSPACE: "${{github.workspace}}" # /home/runner/work/spring-petclinic/spring-petclinic
PROJECT_KEY_APP_TRUST: "krishna-apptrust"
jobs:
dockerPackage:
name: "Docker"
@ -28,7 +29,7 @@ jobs:
RT_REPO_DOCKER_VIRTUAL: "springpetclinic-docker-virtual"
RT_REPO_DOCKER_DEFAULT_LOCAL: "springpetclinic-docker-snapshot-local" # springpetclinic-docker-dev-local, springpetclinic-docker-qa-local, springpetclinic-docker-prod-local
RT_REPO_DEV_LOCAL: "springpetclinic-docker-dev-local"
RT_REPO_QA_LOCAL: s"pringpetclinic-docker-qa-local"
RT_REPO_QA_LOCAL: "springpetclinic-docker-qa-local"
RT_REPO_PROD_LOCAL: "springpetclinic-docker-prod-local"
DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
DOCKER_METADATA_JSON: 'build-metadata.json'
@ -788,6 +789,7 @@ jobs:
ARTIFACT_DIGEST=$(sha256sum target/spring-petclinic-*.jar | awk '{print "sha256:"$1}')
echo "artifact_digest=$ARTIFACT_DIGEST" >> $GITHUB_OUTPUT
- name: "Evidence: Build Info"
# continue-on-error: true
env:
@ -804,18 +806,6 @@ jobs:
cat ./${{env.EVD_JSON}}
jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVD_JSON}} --predicate-type https://cyclonedx.org/bom/v1.4 --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}}
- name: "Evidence: Test Results"
continue-on-error: true
env:
PY_SCRIPT: "jfrog/convert/convert_surefire_to_json.py"
EVD_JSON: "target/surefire-reports/test-results.json" # https://jfrog.com/evidence/signature/v1
run: |
jf mvn test -Denforcer.skip=true
python3 ./${{env.PY_SCRIPT}} ./${{env.EVD_JSON}}
cat ./${{env.EVD_JSON}}
jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVD_JSON}} --predicate-type https://jfrog.com/evidence/test-results/v1 --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}}
# - name: "Evidence: Build Publish"
# # continue-on-error: true
@ -1366,4 +1356,315 @@ jobs:
run: |
cat ./${{env.EVD_JSON}}
jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVD_JSON}} --predicate-type https://cyclonedx.org/bom/v1.4 --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}}
appTrustdockerPackage:
name: "AppTrustDocker"
env:
BUILD_ID: "psj-at-dkr-${{github.run_number}}"
RT_REPO_MVN_VIRTUAL: "krishna-apptrust-java-virtual"
# RT_REPO_MVN_DEFAULT_LOCAL: "springpetclinic-mvn-snapshot-local" # springpetclinic-mvn-dev-local, springpetclinic-mvn-qa-local, springpetclinic-mvn-prod-local
RT_REPO_DOCKER_VIRTUAL: "krishna-apptrust-docker-virtual"
RT_REPO_DOCKER_DEFAULT_LOCAL: "krishna-apptrust-docker-init-local" # krishna-apptrust-docker-dev-local, krishna-apptrust-docker-prod-local, krishna-apptrust-docker-qa-local
RT_REPO_DEV_LOCAL: "krishna-apptrust-docker-dev-local"
RT_REPO_QA_LOCAL: "krishna-apptrust-docker-qa-local"
RT_REPO_PROD_LOCAL: "krishna-apptrust-docker-prod-local"
DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
DOCKER_METADATA_JSON: 'build-metadata.json'
defaults:
run:
working-directory: "${{env.DEFAULT_WORKSPACE}}"
runs-on: ubuntu-latest
timeout-minutes: 30 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes
steps:
# Use the specific setup-cli branch. Ref https://github.com/marketplace/actions/setup-jfrog-cli
- name: "Setup JFrog CLI"
uses: jfrog/setup-jfrog-cli@v4
id: setup-cli
env:
JF_URL: ${{env.JF_RT_URL}}
JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
JFROG_CLI_RELEASES_REPO: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
JFROG_CLI_EXTRACTORS_REMOTE: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
JF_GIT_TOKEN: ${{secrets.GITHUB_TOKEN}}
with:
version: latest #2.71.0
oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
disable-job-summary: ${{env.JOB_SUMMARY}}
- name: "Clone VCS"
uses: actions/checkout@v4 # ref: https://github.com/actions/checkout
- name: "setUp JDK provider = ${{env.JAVA_DISTRIBUTION}} with ver = ${{env.JAVA_VERSION}}"
uses: actions/setup-java@v4 # ref https://github.com/actions/setup-java
with:
distribution: ${{env.JAVA_DISTRIBUTION}} # temurin
java-version: ${{env.JAVA_VERSION}} # 25
cache: 'maven'
cache-dependency-path: 'pom.xml'
- name: "Software version"
run: |
# JFrog CLI version
jf --version
# Ping the server
jf rt ping
# Java
java -version
# MVN
mvn -version
# Docker
docker -v
# Python
python3 -V
pip3 -V
# jf config
jf config show
- name: "Config jf with mvn repos"
run: |
jf mvnc --global --repo-resolve-releases ${{env.RT_REPO_MVN_VIRTUAL}} --repo-resolve-snapshots ${{env.RT_REPO_MVN_VIRTUAL}}
- name: "Create ENV variables"
run: |
echo "ARTIFACT_NAME=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_ENV
echo "ARTIFACT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
echo "TODAYS_DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
echo "RT_REPO_DOCKER_IMG=${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.BUILD_NAME}}" >> $GITHUB_ENV
echo "JF_REGISTRY=${{env.JF_RT_URL}}/${{env.RT_REPO_DOCKER_VIRTUAL}}" >> $GITHUB_ENV
echo "RT_REPO_DOCKER_URL=${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.BUILD_NAME}}:${{env.BUILD_ID}}" >> $GITHUB_ENV
- name: "Docker authentication" # ref https://github.com/marketplace/actions/docker-login
id: config-docker
uses: docker/login-action@v3
with:
registry: ${{env.JF_REGISTRY}}
username: ${{steps.setup-cli.outputs.oidc-user}}
password: ${{steps.setup-cli.outputs.oidc-token}}
- name: "Docker buildx instance"
uses: docker/setup-buildx-action@v3 # ref: https://github.com/marketplace/actions/docker-setup-buildx h
with:
use: true
platforms: ${{env.DOCKER_BUILDX_PLATFORMS}} # linux/amd64,linux/arm64 # ref: https://docs.docker.com/reference/cli/docker/buildx/create/#platform
install: true
- name: "list folder"
run: |
pwd
tree .
- name: "Docker: Summary "
run: |
echo "# :frog: :ship: Docker: Summary :pushpin:" >> $GITHUB_STEP_SUMMARY
echo " " >> $GITHUB_STEP_SUMMARY
echo " " >> $GITHUB_STEP_SUMMARY
echo " - Installed JFrog CLI [$(jf --version)](https://jfrog.com/getcli/) and Java [${{env.JAVA_DISTRIBUTION}}](https://github.com/actions/setup-java) v${{env.JAVA_VERSION}} " >> $GITHUB_STEP_SUMMARY
echo " - $(jf --version) " >> $GITHUB_STEP_SUMMARY
echo " - $(mvn -v) " >> $GITHUB_STEP_SUMMARY
echo " - $(docker -v) " >> $GITHUB_STEP_SUMMARY
echo " - Docker buildx configured with platforms: [${{env.DOCKER_BUILDX_PLATFORMS}}](https://docs.docker.com/reference/cli/docker/buildx/create/#platform) " >> $GITHUB_STEP_SUMMARY
echo " - Configured the JFrog Cli and Docker login with SaaS Artifactory OIDC integration " >> $GITHUB_STEP_SUMMARY
echo " " >> $GITHUB_STEP_SUMMARY
echo " - Variables info" >> $GITHUB_STEP_SUMMARY
echo " - App Trust project key: ${{env.PROJECT_KEY_APP_TRUST}} " >> $GITHUB_STEP_SUMMARY
echo " - ID: ${{env.BUILD_ID}} " >> $GITHUB_STEP_SUMMARY
echo " - Build Name: ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY
echo " - Maven Repo URL: ${{env.RT_REPO_MVN_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY
echo " - Docker Repo URL: ${{env.RT_REPO_DOCKER_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY
echo " - Docker Image: ${{env.RT_REPO_DOCKER_IMG}}" >> $GITHUB_STEP_SUMMARY
echo " - Docker URL: ${{env.RT_REPO_DOCKER_URL}}" >> $GITHUB_STEP_SUMMARY
echo " " >> $GITHUB_STEP_SUMMARY
# Package
- name: "Curation: audit" # https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security/cli-for-jfrog-curation
timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
run: |
rm -rf build.gradle
jf ca --format=table --threads=100
- name: "Xray & JAS: Audit" # https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security
# scan for Xray: Source code dependencies and JAS: Secrets Detection, IaC, Vulnerabilities Contextual Analysis 'SAST'
timeout-minutes: 15 # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
# continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
run: |
jf audit --mvn --sast=true --sca=true --secrets=true --licenses=true --validate-secrets=true --vuln=true --format=table --extended-table=true --threads=100 --fail=false --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "Package: Create MVN Build"
# jf mvn clean install -DskipTests=true -Denforcer.skip=true --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}}
run: | # -Djar.finalName=${{env.JAR_FINAL_NAME}}
mvn clean install -DskipTests=true -Denforcer.skip=true
- name: "Package: Xray - mvn Artifact scan"
timeout-minutes: 15 # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
run: |
jf scan . --format=table --extended-table=true --threads=100 --fail=false --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "Package: Docker build and push"
env:
JAR_FILE: "./target/${{env.ARTIFACT_NAME}}-${{env.ARTIFACT_VERSION}}.jar"
TAG10: "${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.ARTIFACT_NAME}}:${{env.ARTIFACT_VERSION}}"
TAG11: "${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.ARTIFACT_NAME}}:${{env.TODAYS_DATE}}"
TAG12: "${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.ARTIFACT_NAME}}:${{env.BUILD_ID}}"
TAG13: "${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.ARTIFACT_NAME}}:latest"
run: |
docker image build -f ./jfrog/AppTrustDockerfile --build-arg JAR_FILE=${{env.JAR_FILE}} --platform "${{env.DOCKER_BUILDX_PLATFORMS}}" --metadata-file "${{env.DOCKER_METADATA_JSON}}" --push . -t ${{env.TAG10}} -t ${{env.TAG11}} -t ${{env.TAG12}} -t ${{env.TAG13}}
- name: "Optional: Docker pull image"
run: |
docker pull ${{env.RT_REPO_DOCKER_URL}}
- name: "Package: Docker image list"
run: |
docker image ls
# Evidence - Package references
# Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
# CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
- name: "Evidence: Package"
# continue-on-error: true
run: |
echo '{ "actor": "${{github.actor}}", "pipeline": "github actions","build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd":"Evidence-Package", "package":"${{env.RT_REPO_DOCKER_URL}}" }' > ./${{env.EVIDENCE_SPEC_JSON}}
cat ./${{env.EVIDENCE_SPEC_JSON}}
jf evd create --package-name ${{env.BUILD_NAME}} --package-version ${{env.BUILD_ID}} --package-repo-name ${{env.RT_REPO_DOCKER_VIRTUAL}} --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1
#echo " - Evidence for PACKAGE attached. Info available SaaS >> tab: Application >> left menu: Artifactory >> Packages >> ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY
- name: "Package: Xray - docker Artifact scan"
timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
run: |
jf docker scan ${{env.RT_REPO_DOCKER_URL}} --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --format=table --extended-table=true --detailed-summary=true --vuln=true --licenses=true --threads=100 --fail=false
- name: "Optional: Set env vars for BuildInfo" # These properties were captured in Builds >> spring-petclinic >> version >> Environment tab
run: |
export job="github-action" org="ps" team="architecture" product="jfrog-saas"
# Build Info
# US
# Executive Order:
# https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
# https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity
# US Dept of Commerce: https://www.ntia.gov/page/software-bill-materials
# US Cyber Defence Agency: https://www.cisa.gov/sbom
# NIST: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
# NITA: https://www.ntia.gov/page/software-bill-materials
# Centers for Medicare & Medicaid Services: https://security.cms.gov/learn/software-bill-materials-sbom
# India
# CERT-IN: https://www.cert-in.org.in/sbom/
- name: "BuildInfo: Collect env"
run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "BuildInfo: Adds dependencies"
continue-on-error: true
run: jf rt bad ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "BuildInfo: Add VCS info"
run: jf rt bag ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "BuildInfo: Docker build create"
run: |
imageDigest=$(cat "${{env.DOCKER_METADATA_JSON}}" | jq '.["containerimage.digest"]')
echo "DOCKER_IMAGE_DIGEST: ${imageDigest}"
echo "DOCKER_IMAGE_DIGEST=${imageDigest}" >> $GITHUB_ENV. # set env var for next steps
echo "${{env.RT_REPO_DOCKER_URL}}@${imageDigest}" > ${{env.DOCKER_METADATA_JSON}}
jf rt bdc ${{env.RT_REPO_DOCKER_VIRTUAL}} --image-file ${{env.DOCKER_METADATA_JSON}} --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}} --project=${{env.PROJECT_KEY_APP_TRUST}} --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "BuildInfo: Build Publish"
run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true --project=${{env.PROJECT_KEY_APP_TRUST}}
# Evidence - Build references
# Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
# CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
- name: "Evidence: Build Publish"
# continue-on-error: true
run: |
echo '{ "actor": "${{github.actor}}", "pipeline": "github actions","build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-BuildPublish"}' > ./${{env.EVIDENCE_SPEC_JSON}}
cat ./${{env.EVIDENCE_SPEC_JSON}}
jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}}
#echo " - Evidence for BUILD Publish attached. " >> $GITHUB_STEP_SUMMARY
# curl -L 'https://psazuse.jfrog.io/xray/api/v1/binMgr/builds' -H 'Content-Type: application/json' -H 'Authorization: ••••••' -d '{ "names": ["spring-petclinic"] }'
- name: "Optional: Add Builds to Indexing Configuration"
run: |
jf xr curl "/api/v1/binMgr/builds" -H 'Content-Type: application/json' -d '{"names": ["${{env.BUILD_NAME}}"] }'
# Set properties
- name: "Optional: Set prop for Artifact" # These properties were captured Artifacts >> repo path 'spring-petclinic.---.jar' >> Properties
run: |
ts="cmd.$(date '+%Y-%m-%d-%H-%M')"
jf rt sp "job=github-action;env=demo;org=ps;team=arch;pack_cat=webapp;build=maven;product=artifactory;features=package,buildinfo;ts=ts-${BUILD_ID}" --build="${{env.BUILD_NAME}}/${{env.BUILD_ID}}"
- name: "Optional: Query build info"
env:
BUILD_INFO_JSON: "BuildInfo-${{env.BUILD_ID}}.json"
run: |
jf rt curl "/api/build/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" -o $BUILD_INFO_JSON
cat $BUILD_INFO_JSON
- name: "Sleep for few seconds"
env:
SLEEP_TIME: 30
run: |
echo "Sleeping for ${{env.SLEEP_TIME}} seconds..."
sleep ${{env.SLEEP_TIME}} # Sleeping for 20 seconds before executing the build publish seems to have resolved the build-scan issue. This delay might be helping with synchronization or resource availability, ensuring a smooth build process.
echo "Awake now!"
- name: "Optional: Query - Build Scan status"
run: |
jf xr curl "/api/v1/build/status" -H 'Content-Type: application/json' -d '{"name": "${{env.BUILD_NAME}}", "number": "${{env.BUILD_ID}}" }'
# ref https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom
# MVN plugin '<artifactId>cyclonedx-maven-plugin</artifactId>' is used to generate SBOM information in the CycloneDX format# target/classes/META-INF/sbom/application.cdx.json
# ref https://spring.io/blog/2024/05/24/sbom-support-in-spring-boot-3-3
- name: "Optional: Xray sbom-enrich"
run: |
jf se "target/classes/META-INF/sbom/application.cdx.json" --threads=100
- name: "BuildInfo: Xray - Build scan"
timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
run: |
jf bs ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --fail=false --format=table --extended-table=true --rescan=false --vuln=true --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "Optional: Build Scan V2" # https://jfrog.com/help/r/xray-rest-apis/scan-build-v2
# jf xr curl /api/v2/ci/build -H 'Content-Type: application/json' -d '{"build_name": "spring-petclinic", "build_number": "ga-gdl-xray-50","rescan":true }'
run: |
jf xr curl /api/v2/ci/build -H 'Content-Type: application/json' -d '{"build_name": "${{env.BUILD_NAME}}", "build_number": "${{env.BUILD_ID}}","rescan":false }'
# Release Bundle v2
- name: "RLM: RBv2 spec - create"
run: |
echo "{ \"files\": [ {\"build\": \"${{env.BUILD_NAME}}/${{env.BUILD_ID}}\", \"includeDeps\":\"true\"} ] }" > ${{env.RBv2_SPEC_JSON}}
- name: "RLM: RBv2 Create NEW"
run: |
cat ${{env.RBv2_SPEC_JSON}}
jf rbc ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}} --spec=${{env.RBv2_SPEC_JSON}} --project=${{env.PROJECT_KEY_APP_TRUST}}
- name: "RLM: Xray Indexing"
run: |
jf xr curl "/api/v1/binMgr/release_bundle_v2" -H 'Content-Type: application/json' -d "{\"names\": [\"${{env.BUILD_NAME}}\"] }"
# Evidence - RBv2 new references
# Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
# CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
- name: "Evidence: RBv2 state NEW"
# continue-on-error: true
env:
# https://psazuse.jfrog.io/ui/artifactory/lifecycle/?bundleName=spring-petclinic&bundleToFlash=spring-petclinic&repositoryKey=release-bundles-v2&activeKanbanTab=promotion
NAME_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName=${{env.BUILD_NAME}}&bundleToFlash=${{env.BUILD_NAME}}&repositoryKey=release-bundles-v2&activeKanbanTab=promotion"
VER_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName='${{env.BUILD_NAME}}'&bundleToFlash='${{env.BUILD_NAME}}'&releaseBundleVersion='${{env.BUILD_ID}}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion"
run: |
echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "NEW" }' > ./${{env.EVIDENCE_SPEC_JSON}}
cat ./${{env.EVIDENCE_SPEC_JSON}}
jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/promotion/v1 --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}} --project=${{env.PROJECT_KEY_APP_TRUST}}