diff --git a/.github/workflows/jf-cli.yml b/.github/workflows/jf-cli.yml
new file mode 100755
index 000000000..8ffa798e9
--- /dev/null
+++ b/.github/workflows/jf-cli.yml
@@ -0,0 +1,1301 @@
+name: "JF-CLI: JAVA"
+on: push
+
+permissions:
+ actions: read # for detecting the Github Actions environment.
+ id-token: write # for creating OIDC tokens for signing.
+ packages: write # for uploading attestations.
+ contents: read
+ security-events: write # Required for uploading code scanning.
+env:
+ JF_RT_URL: "https://${{vars.JF_NAME}}.jfrog.io"
+ BUILD_NAME: "spring-petclinic"
+ JAR_VERSION: "3.5.0-SNAPSHOT" # spring-petclinic-3.5.0-SNAPSHOT.jar
+ JOB_SUMMARY: false
+ JFROG_CLI_LOG_LEVEL: DEBUG # DEBUG, INFO, WARN, ERROR
+ JAVA_PROVIDER: 'corretto'
+ JAVA_VERSION: '17'
+ EVIDENCE_SPEC_JSON: 'evd-spec-info.json' # ref https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-setup
+ RBv2_SPEC_JSON: "rbv2-spec-info.json"
+ #RBV2_SIGNING_KEY: "${{secrets.RBV2_SIGNING_KEY}}" # ref https://jfrog.com/help/r/jfrog-artifactory-documentation/create-signing-keys-for-release-bundles-v2
+ DEFAULT_WORKSPACE: "${{github.workspace}}" # /home/runner/work/spring-petclinic/spring-petclinic
+jobs:
+ dockerPackage:
+ name: "Docker"
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest]
+ java: [17]
+ include:
+ - language: ['java-kotlin']
+ build-mode: none
+ env:
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ RT_REPO_MVN_VIRTUAL: "springpetclinic-mvn-virtual"
+ # RT_REPO_MVN_DEFAULT_LOCAL: "springpetclinic-mvn-snapshot-local" # springpetclinic-mvn-dev-local, springpetclinic-mvn-qa-local, springpetclinic-mvn-prod-local
+ RT_REPO_DOCKER_VIRTUAL: "springpetclinic-docker-virtual"
+ RT_REPO_DOCKER_DEFAULT_LOCAL: "springpetclinic-docker-snapshot-local" # springpetclinic-docker-dev-local, springpetclinic-docker-qa-local, springpetclinic-docker-prod-local
+ RT_REPO_DEV_LOCAL: "springpetclinic-docker-dev-local"
+ RT_REPO_QA_LOCAL: s"pringpetclinic-docker-qa-local"
+ RT_REPO_PROD_LOCAL: "springpetclinic-docker-prod-local"
+ DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
+ DOCKER_METADATA_JSON: 'build-metadata.json'
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+
+ runs-on: ${{matrix.os}}
+ timeout-minutes: 30 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes
+ steps:
+ # Use the specific setup-cli branch. Ref https://github.com/marketplace/actions/setup-jfrog-cli
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
+ JFROG_CLI_RELEASES_REPO: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
+ JFROG_CLI_EXTRACTORS_REMOTE: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
+ JF_GIT_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "Clone VCS"
+ uses: actions/checkout@v4 # ref: https://github.com/actions/checkout
+
+ - name: "Java provider = ${{env.JAVA_PROVIDER}} with ver = ${{env.JAVA_VERSION}}"
+ uses: actions/setup-java@v4 # ref https://github.com/actions/setup-java
+ with:
+ distribution: ${{env.JAVA_PROVIDER}} # corretto
+ java-version: ${{env.JAVA_VERSION}} # 17
+ cache: 'maven'
+ cache-dependency-path: 'pom.xml'
+
+ - name: "Software version"
+ run: |
+ # JFrog CLI version
+ jf --version
+ # Ping the server
+ jf rt ping
+ # Java
+ java -version
+ # MVN
+ mvn -version
+ # Docker
+ docker -v
+ # Python
+ python3 -V
+ pip3 -V
+ # jf config
+ jf config show
+
+ - name: "Config jf with mvn repos"
+ run: |
+ jf mvnc --global --repo-resolve-releases ${{env.RT_REPO_MVN_VIRTUAL}} --repo-resolve-snapshots ${{env.RT_REPO_MVN_VIRTUAL}}
+
+ - name: "Create ENV variables"
+ run: |
+ echo "RT_REPO_DOCKER_URL=${{vars.JF_NAME}}.jfrog.io/${{env.RT_REPO_DOCKER_VIRTUAL}}/${{env.BUILD_NAME}}:${{env.BUILD_ID}}" >> $GITHUB_ENV
+
+ - name: "Docker authentication" # ref https://github.com/marketplace/actions/docker-login
+ id: config-docker
+ uses: docker/login-action@v3
+ with:
+ registry: ${{env.JF_RT_URL}}
+ username: ${{steps.setup-cli.outputs.oidc-user}}
+ password: ${{steps.setup-cli.outputs.oidc-token}}
+
+ - name: "Docker buildx instance"
+ uses: docker/setup-buildx-action@v3 # ref: https://github.com/marketplace/actions/docker-setup-buildx h
+ with:
+ use: true
+ platforms: ${{env.DOCKER_BUILDX_PLATFORMS}} # linux/amd64,linux/arm64 # ref: https://docs.docker.com/reference/cli/docker/buildx/create/#platform
+ install: true
+
+ - name: "list folder"
+ run: |
+ pwd
+ tree .
+
+ - name: "Docker: Summary "
+ run: |
+ echo "# :frog: :ship: Docker: Summary :pushpin:" >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " - Installed JFrog CLI [$(jf --version)](https://jfrog.com/getcli/) and Java [${{env.JAVA_PROVIDER}}](https://github.com/actions/setup-java) v${{env.JAVA_VERSION}} " >> $GITHUB_STEP_SUMMARY
+ echo " - $(jf --version) " >> $GITHUB_STEP_SUMMARY
+ echo " - $(mvn -v) " >> $GITHUB_STEP_SUMMARY
+ echo " - $(docker -v) " >> $GITHUB_STEP_SUMMARY
+ echo " - Docker buildx configured with platforms: [${{env.DOCKER_BUILDX_PLATFORMS}}](https://docs.docker.com/reference/cli/docker/buildx/create/#platform) " >> $GITHUB_STEP_SUMMARY
+ echo " - Configured the JFrog Cli and Docker login with SaaS Artifactory OIDC integration " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " - Variables info" >> $GITHUB_STEP_SUMMARY
+ echo " - ID: ${{env.BUILD_ID}} " >> $GITHUB_STEP_SUMMARY
+ echo " - Build Name: ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY
+ echo " - Maven Repo URL: ${{env.RT_REPO_MVN_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY
+ echo " - Docker Repo URL: ${{env.RT_REPO_DOCKER_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY
+ echo " - Docker URL: ${{env.RT_REPO_DOCKER_URL}}" >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ # Package
+ - name: "Curation: audit" # https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security/cli-for-jfrog-curation
+ timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf ca --format=table --threads=100
+
+ - name: "Xray & JAS: Audit" # https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security
+ # scan for Xray: Source code dependencies and JAS: Secrets Detection, IaC, Vulnerabilities Contextual Analysis 'SAST'
+ timeout-minutes: 15 # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf audit --mvn --sast=true --sca=true --secrets=true --licenses=true --validate-secrets=true --vuln=true --format=table --extended-table=true --threads=100 --fail=false
+
+ - name: "Package: Create MVN Build"
+ # jf mvn clean install -DskipTests=true -Denforcer.skip=true --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}}
+ run: | # -Djar.finalName=${{env.JAR_FINAL_NAME}}
+ mvn clean install -DskipTests=true -Denforcer.skip=true
+
+ - name: "Package: Xray - mvn Artifact scan"
+ timeout-minutes: 15 # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf scan . --format=table --extended-table=true --threads=100 --fail=false
+
+ - name: "Package: Docker build and push"
+ env:
+ JAR_FILE: "${{env.BUILD_NAME}}-${{env.JAR_VERSION}}.jar" # spring-petclinic-3.5.0-SNAPSHOT.jar
+ run: |
+ docker image build -f jfrog/Dockerfile --build-arg JAR_FILE=${{env.JAR_FILE}} -t ${{env.RT_REPO_DOCKER_URL}} --platform "${{env.DOCKER_BUILDX_PLATFORMS}}" --metadata-file "${{env.DOCKER_METADATA_JSON}}" --push .
+
+ - name: "Optional: Docker pull image"
+ run: |
+ docker pull ${{env.RT_REPO_DOCKER_URL}}
+
+ - name: "Package: Docker image list"
+ run: |
+ docker image ls
+
+ # Evidence - Package references
+ # Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
+ # CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
+ # jf evd create --predicate ./evd-package.json --predicate-type https://jfrog.com/evidence/build-signature/v1 --package-name spring-petclinic --package-version evd.2025-01-31-14-53 --package-repo-name "krishnam-docker-virtual" --key ~/.ssh/jfrog_evd_public.pem --key-alias "KRISHNAM_JFROG_EVD_PUBLICKEY"
+ - name: "Evidence: Package"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions","build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd":"Evidence-Package", "package":"${{env.RT_REPO_DOCKER_URL}}" }' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --package-name ${{env.BUILD_NAME}} --package-version ${{env.BUILD_ID}} --package-repo-name ${{env.RT_REPO_DOCKER_VIRTUAL}} --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1
+ #echo " - Evidence for PACKAGE attached. Info available SaaS >> tab: Application >> left menu: Artifactory >> Packages >> ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY
+
+ - name: "Package: Xray - docker Artifact scan"
+ timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf docker scan ${{env.RT_REPO_DOCKER_URL}} --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --format=table --extended-table=true --threads=100 --fail=false --detailed-summary=true --vuln=true --licenses=true
+
+ - name: "Optional: Set env vars for BuildInfo" # These properties were captured in Builds >> spring-petclinic >> version >> Environment tab
+ run: |
+ export job="github-action" org="ps" team="architecture" product="jfrog-saas"
+
+ # Build Info
+ # US
+ # Executive Order:
+ # https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
+ # https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity
+ # US Dept of Commerce: https://www.ntia.gov/page/software-bill-materials
+ # US Cyber Defence Agency: https://www.cisa.gov/sbom
+ # NIST: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
+ # NITA: https://www.ntia.gov/page/software-bill-materials
+ # Centers for Medicare & Medicaid Services: https://security.cms.gov/learn/software-bill-materials-sbom
+ # India
+ # CERT-IN: https://www.cert-in.org.in/sbom/
+ - name: "BuildInfo: Collect env"
+ run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
+
+ - name: "BuildInfo: Add VCS info"
+ run: jf rt bag ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
+
+ - name: "BuildInfo: Docker build create"
+ run: |
+ imageDigest=$(cat "${{env.DOCKER_METADATA_JSON}}" | jq '.["containerimage.digest"]')
+ echo "${imageDigest}"
+
+ echo "${{env.RT_REPO_DOCKER_URL}}@${imageDigest}" > ${{env.DOCKER_METADATA_JSON}}
+
+ jf rt bdc ${{env.RT_REPO_DOCKER_VIRTUAL}} --image-file ${{env.DOCKER_METADATA_JSON}} --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}}
+
+ - name: "BuildInfo: Build Publish"
+ run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true
+
+ # Evidence - Build references
+ # Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
+ # CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
+ - name: "Evidence: Build Publish"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions","build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-BuildPublish"}' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+ #echo " - Evidence for BUILD Publish attached. " >> $GITHUB_STEP_SUMMARY
+
+ # curl -L 'https://psazuse.jfrog.io/xray/api/v1/binMgr/builds' -H 'Content-Type: application/json' -H 'Authorization: ••••••' -d '{ "names": ["spring-petclinic"] }'
+ - name: "Optional: Add Builds to Indexing Configuration"
+ run: |
+ jf xr curl "/api/v1/binMgr/builds" -H 'Content-Type: application/json' -d '{"names": ["${{env.BUILD_NAME}}"] }'
+ # Set properties
+ - name: "Optional: Set prop for Artifact" # These properties were captured Artifacts >> repo path 'spring-petclinic.---.jar' >> Properties
+ run: |
+ ts="cmd.$(date '+%Y-%m-%d-%H-%M')"
+ jf rt sp "job=github-action;env=demo;org=ps;team=arch;pack_cat=webapp;build=maven;product=artifactory;features=package,buildinfo;ts=ts-${BUILD_ID}" --build="${{env.BUILD_NAME}}/${{env.BUILD_ID}}"
+
+ - name: "Optional: Query build info"
+ env:
+ BUILD_INFO_JSON: "BuildInfo-${{env.BUILD_ID}}.json"
+ run: |
+ jf rt curl "/api/build/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" -o $BUILD_INFO_JSON
+ cat $BUILD_INFO_JSON
+
+ - name: "Sleep for few seconds"
+ env:
+ SLEEP_TIME: 30
+ run: |
+ echo "Sleeping for ${{env.SLEEP_TIME}} seconds..."
+ sleep ${{env.SLEEP_TIME}} # Sleeping for 20 seconds before executing the build publish seems to have resolved the build-scan issue. This delay might be helping with synchronization or resource availability, ensuring a smooth build process.
+ echo "Awake now!"
+
+ - name: "Optional: Query - Build Scan status"
+ run: |
+ jf xr curl "/api/v1/build/status" -H 'Content-Type: application/json' -d '{"name": "${{env.BUILD_NAME}}", "number": "${{env.BUILD_ID}}" }'
+
+ # ref https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom
+ # MVN plugin 'cyclonedx-maven-plugin' is used to generate SBOM information in the CycloneDX format# target/classes/META-INF/sbom/application.cdx.json
+ # ref https://spring.io/blog/2024/05/24/sbom-support-in-spring-boot-3-3
+ - name: "Optional: Xray sbom-enrich"
+ run: |
+ jf se "target/classes/META-INF/sbom/application.cdx.json" --threads=100
+
+ - name: "BuildInfo: Xray - Build scan"
+ timeout-minutes: 15 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf bs ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --fail=false --format=table --extended-table=true --rescan=false --vuln=true
+
+ - name: "Optional: Build Scan V2" # https://jfrog.com/help/r/xray-rest-apis/scan-build-v2
+ # jf xr curl /api/v2/ci/build -H 'Content-Type: application/json' -d '{"build_name": "spring-petclinic", "build_number": "ga-gdl-xray-50","rescan":true }'
+ run: |
+ jf xr curl /api/v2/ci/build -H 'Content-Type: application/json' -d '{"build_name": "${{env.BUILD_NAME}}", "build_number": "${{env.BUILD_ID}}","rescan":false }'
+
+ # Release Bundle v2
+ - name: "RLM: RBv2 spec - create"
+ run: |
+ echo "{ \"files\": [ {\"build\": \"${{env.BUILD_NAME}}/${{env.BUILD_ID}}\", \"includeDeps\":\"true\"} ] }" > ${{env.RBv2_SPEC_JSON}}
+
+ - name: "RLM: RBv2 Create NEW"
+ run: |
+ cat ${{env.RBv2_SPEC_JSON}}
+ jf rbc ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}} --spec=${{env.RBv2_SPEC_JSON}}
+
+ # Evidence - RBv2 new references
+ # Docs# https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management
+ # CLI# https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/evidence-service
+ - name: "Evidence: RBv2 state NEW"
+ continue-on-error: true
+ env:
+ # https://psazuse.jfrog.io/ui/artifactory/lifecycle/?bundleName=spring-petclinic&bundleToFlash=spring-petclinic&repositoryKey=release-bundles-v2&activeKanbanTab=promotion
+ NAME_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName=${{env.BUILD_NAME}}&bundleToFlash=${{env.BUILD_NAME}}&repositoryKey=release-bundles-v2&activeKanbanTab=promotion"
+ VER_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName='${{env.BUILD_NAME}}'&bundleToFlash='${{env.BUILD_NAME}}'&releaseBundleVersion='${{env.BUILD_ID}}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion"
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "NEW" }' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+ #echo " - Evidence for RBv2 attached at [${{env.BUILD_NAME}}](${{env.VER_LINK}}) " >> $GITHUB_STEP_SUMMARY
+
+ dockerRBv2PromoteDev:
+ name: "Docker: RBv2 Promote DEV"
+ needs: dockerPackage
+ runs-on: ubuntu-latest
+ env:
+ RBv2_ENV_VAL: "DEV"
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ RT_REPO_DEV_LOCAL: "springpetclinic-docker-dev-local"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}"
+ run: |
+ jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_DEV_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}}
+
+ - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "unittests": "100/100" }' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+
+ dockerRBv2PromoteQA:
+ name: "Docker: RBv2 Promote QA"
+ needs: dockerRBv2PromoteDev
+ runs-on: ubuntu-latest
+ env:
+ RBv2_ENV_VAL: "QA"
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ RT_REPO_QA_LOCAL: "springpetclinic-docker-qa-local"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}"
+ run: |
+ jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_QA_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}}
+
+ - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "QA-validation": "99/100" }' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+
+ dockerRBv2PromoteProd:
+ name: "Docker: RBv2 Promote Prod"
+ needs: dockerRBv2PromoteQA
+ runs-on: ubuntu-latest
+ env:
+ RBv2_ENV_VAL: "PROD"
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ RT_REPO_PROD_LOCAL: "springpetclinic-docker-prod-local"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}"
+ run: |
+ jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_PROD_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}}
+
+ - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "prod-validation": "100/100"}' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+
+ - name: "Optional: rbv2-summary"
+ continue-on-error: true
+ env:
+ NAME_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName=${{env.BUILD_NAME}}&bundleToFlash=${{env.BUILD_NAME}}&repositoryKey=release-bundles-v2&activeKanbanTab=promotion"
+ VER_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName='${{env.BUILD_NAME}}'&bundleToFlash='${{env.BUILD_NAME}}'&releaseBundleVersion='${{env.BUILD_ID}}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion"
+ CURL_URL: "${{env.JF_RT_URL}}/lifecycle/api/v2/promotion/records/${{env.BUILD_NAME}}/${{env.BUILD_ID}}?async=false"
+ run: |
+ echo "# 📦 Release Lifecycle Management (RLM): RBv2 Summary :rocket: " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo "The Build Artifacts has elevated to the subsequent stages" >> $GITHUB_STEP_SUMMARY
+ RB2_STATUS_RESP=$(curl -v -G ${{env.CURL_URL}} -H 'Content-Type: application/json' -H "Authorization: Bearer ${{steps.setup-cli.outputs.oidc-token}}")
+ echo $RB2_STATUS_RESP > RBv2_STATUS-${{env.BUILD_ID}}.json
+ cat RBv2_STATUS-${{env.BUILD_ID}}.json
+ items=$(echo "$RB2_STATUS_RESP" | jq -c -r '.promotions[]')
+ for item in ${items[@]}; do
+ envVal=$(echo $item | jq -r '.environment')
+ crtVal=$(echo $item | jq -r '.created')
+ echo " - ${envVal} on ${crtVal} " >> $GITHUB_STEP_SUMMARY
+ done
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " - Release bundle [${{env.BUILD_NAME}}](${{env.NAME_LINK}}):[${{env.BUILD_ID}}](${{env.VER_LINK}}) " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ # Query build
+ - name: "Optional: Query build info"
+ env:
+ BUILD_INFO_JSON: "BuildInfo-${{env.BUILD_ID}}.json"
+ run: |
+ jf rt curl "/api/build/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" -o $BUILD_INFO_JSON
+ cat $BUILD_INFO_JSON
+
+ dockerSaasDistribute:
+ name: "Docker: Distribute to SaaS JPDs & Edges"
+ needs: dockerRBv2PromoteProd
+ runs-on: ubuntu-latest
+ env:
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: "ERROR"
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ # ref: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#distribute-a-release-bundle-v2
+ - name: "RBv2 Distribute to SaaS Artifactory and edges"
+ run: |
+ jf rbd ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --sync=true --create-repo=true
+
+ # refer: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#download-release-bundle-v2-content
+ - name: "Download RBv2 from SaaS Artifactory"
+ run: |
+ jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100
+
+ - name: "Query Distribution status" # https://psazuse.jfrog.io/lifecycle/api/v2/distribution/trackers/spring-petclinic/ga-49
+ run: |
+ jf rt curl "/lifecycle/api/v2/distribution/trackers/${{env.BUILD_NAME}}/${{env.BUILD_ID}}"
+
+ - name: "Info list"
+ run: |
+ pwd
+ ls -lR .
+ - name: "Optional Saas Artifactory summary"
+ continue-on-error: true
+ env:
+ CURL_URL: "${{env.JF_RT_URL}}/lifecycle/api/v2/distribution/trackers/${{env.BUILD_NAME}}/${{env.BUILD_ID}}"
+ run: |
+ echo "# :frog: Download package from SaaS 📦 " >> $GITHUB_STEP_SUMMARY
+ echo " - Download RBv2 from Artifactory [${{env.JF_RT_URL}}](${{env.JF_RT_URL}}) to " >> $GITHUB_STEP_SUMMARY
+ RB2_DISTRIBUTE_RESP=$(curl -v -G ${{env.CURL_URL}} -H 'Content-Type: application/json' -H "Authorization: Bearer ${{steps.setup-cli.outputs.oidc-token}}")
+ echo $RB2_DISTRIBUTE_RESP > RB2_DISTRIBUTE-${{env.BUILD_ID}}.json
+ cat RB2_DISTRIBUTE-${{env.BUILD_ID}}.json
+ items=$(echo "$RB2_DISTRIBUTE_RESP" | jq -c -r '.[] .targets[]')
+ for item in ${items[@]}; do
+ echo $item
+ echo " - [${item}.jfrog.io](https://${item}.jfrog.io) " >> $GITHUB_STEP_SUMMARY
+ done
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ dockerSleepAfterDistribution:
+ name: "Docker: SYNC Sleep few seconds"
+ needs: dockerSaasDistribute
+ runs-on: ubuntu-latest
+ env:
+ SLEEP_TIME: 60
+ steps:
+ - name: "Sleep for ${{env.SLEEP_TIME}} seconds"
+ run: |
+ echo "Sleeping for ${{env.SLEEP_TIME}} seconds..."
+ sleep ${{env.SLEEP_TIME}}
+ echo "Awake now!"
+
+ dockerDownloadRBv2FromSaasPsAzUse:
+ name: "Docker: Download RBv2 from SaaS ${{vars.JF_NAME}} Artifactory"
+ needs: dockerSaasDistribute
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ env:
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: "ERROR"
+ with:
+ version: latest
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "Artifactory config show"
+ run: |
+ jf config show
+
+ - name: "Download RBv2 from ${{vars.JF_NAME}} SaaS"
+ run: |
+ jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100
+
+ - name: "Info list"
+ run: |
+ pwd
+ ls -lR .
+
+ - name: "Optional: Saas ${{vars.JF_RT_URL}} Artifactory summary"
+ run: |
+ echo "# :frog: Download package from SaaS ${{vars.JF_URL}} 📦 " >> $GITHUB_STEP_SUMMARY
+ echo " - Download RBv2 from SaaS Artifactory [${{env.JF_URL}}](${{env.JF_URL}}) " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ dockerDownloadRBv2FromSaasSolEng:
+ name: "Docker: Download RBv2 from SaaS ${{vars.JF_NAME_2}} Artifactory"
+ needs: dockerSleepAfterDistribution
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ env:
+ JF_URL: "https://${{vars.JF_NAME_2}}.jfrog.io"
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: "${{env.JF_URL}}"
+ JFROG_CLI_LOG_LEVEL: "ERROR"
+ with:
+ version: latest
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "Artifactory config show"
+ run: |
+ jf config show
+
+ - name: "Download RBv2 from ${{vars.JF_NAME_2}} SaaS"
+ run: |
+ jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100
+
+ - name: "Info list"
+ run: |
+ pwd
+ ls -lR .
+
+ - name: "Optional: Saas ${{vars.JF_NAME_2}} Artifactory summary"
+ run: |
+ echo "# :frog: Download package from SaaS ${{vars.JF_URL}} 📦 " >> $GITHUB_STEP_SUMMARY
+ echo " - Download RBv2 from SaaS Artifactory [${{vars.JF_NAME_2}}](${{env.JF_URL}}) " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ dockerDownloadRBv2FromSaasEdge:
+ name: "Docker: Download RBv2 from SaaS ${{vars.JF_EDGE_NAME}} Edge"
+ needs: dockerSleepAfterDistribution
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ env:
+ JF_EDGE_URL: "https://${{vars.JF_EDGE_NAME}}.jfrog.io"
+ BUILD_ID: "psj-dkr-${{github.run_number}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_EDGE_URL}}
+ JFROG_CLI_LOG_LEVEL: "ERROR"
+ with:
+ version: latest
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "Edge config show"
+ run: |
+ jf config show
+
+ # refer: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#download-release-bundle-v2-content
+ - name: "Download RBv2 from SaaS Edge"
+ run: |
+ jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100
+
+ - name: "Info list"
+ run: |
+ pwd
+ ls -lR .
+
+ - name: "Optional: Saas ${{vars.JF_EDGE_NAME}} Edge summary"
+ run: |
+ echo "# :frog: Download package from SaaS ${{vars.JF_EDGE_URL}} 📦 " >> $GITHUB_STEP_SUMMARY
+ echo " - Download RBv2 from Edge [${{vars.JF_EDGE_NAME}}](${{env.JF_EDGE_URL}}) " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+
+ mvnPackage:
+ name: "MVN Package"
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest]
+ java: [17]
+ include:
+ - language: ['java-kotlin']
+ build-mode: none
+ env:
+ BUILD_ID: "psj-mvn-${{github.run_number}}"
+ JAVA_PROVIDER: 'corretto'
+ JAVA_VERSION: '17'
+ RT_REPO_MVN_VIRTUAL: "springpetclinic-mvn-virtual"
+ RT_REPO_MVN_DEFAULT_LOCAL: "springpetclinic-mvn-snapshot-local" # springpetclinic-mvn-dev-local, springpetclinic-mvn-qa-local, springpetclinic-mvn-prod-local
+ RT_REPO_DEV_LOCAL: "springpetclinic-mvn-dev-local"
+ RT_REPO_QA_LOCAL: "springpetclinic-mvn-qa-local"
+ RT_REPO_PROD_LOCAL: "springpetclinic-mvn-prod-local"
+
+ runs-on: ${{matrix.os}}
+ timeout-minutes: 30 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes
+ defaults:
+ run:
+ working-directory: "${{env.DEFAULT_WORKSPACE}}"
+ steps:
+ - name: "Setup JFrog CLI"
+ uses: jfrog/setup-jfrog-cli@v4
+ id: setup-cli
+ env:
+ JF_URL: ${{env.JF_RT_URL}}
+ JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}}
+ JFROG_CLI_RELEASES_REPO: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
+ JFROG_CLI_EXTRACTORS_REMOTE: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_MVN_VIRTUAL}}'
+ JF_GIT_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ with:
+ version: latest #2.71.0
+ oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}}
+ disable-job-summary: ${{env.JOB_SUMMARY}}
+
+ - name: "Clone VCS"
+ uses: actions/checkout@v4 # ref: https://github.com/actions/checkout
+
+ - name: "Java provider = ${{env.JAVA_PROVIDER}} with ver = ${{env.JAVA_VERSION}} "
+ uses: actions/setup-java@v4 # ref https://github.com/actions/setup-java
+ with:
+ distribution: ${{env.JAVA_PROVIDER}} # corretto
+ java-version: ${{env.JAVA_VERSION}} # 17
+ cache: 'maven'
+ cache-dependency-path: 'pom.xml'
+
+ - name: "Software version"
+ run: |
+ # JFrog CLI version
+ jf --version
+ # Ping the server
+ jf rt ping
+ # Java
+ java -version
+ # MVN
+ mvn -version
+ # Docker
+ docker -v
+ # Python
+ python3 -V
+ pip3 -V
+ # jf config
+ jf config show
+
+ - name: "Config jf with mvn repos"
+ run: |
+ jf mvnc --global --repo-resolve-releases ${{env.RT_REPO_MVN_VIRTUAL}} --repo-resolve-snapshots ${{env.RT_REPO_MVN_VIRTUAL}} --repo-deploy-releases ${{env.RT_REPO_MVN_VIRTUAL}} --repo-deploy-snapshots ${{env.RT_REPO_MVN_VIRTUAL}}
+
+ - name: "list folder"
+ run: |
+ pwd
+ tree .
+
+ - name: "MVN: Summary"
+ run: |
+ echo "# :frog: MVN: Summary :pushpin:" >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " - Installed JFrog CLI [$(jf --version)](https://jfrog.com/getcli/) and Java [${{env.JAVA_PROVIDER}}](https://github.com/actions/setup-java) v${{env.JAVA_VERSION}} " >> $GITHUB_STEP_SUMMARY
+ echo " - $(jf --version) " >> $GITHUB_STEP_SUMMARY
+ echo " - $(mvn -v) " >> $GITHUB_STEP_SUMMARY
+ echo " - Configured the JFrog Cli and Docker login with SaaS Artifactory OIDC integration " >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ echo " - Variables info" >> $GITHUB_STEP_SUMMARY
+ echo " - ID: ${{env.BUILD_ID}} " >> $GITHUB_STEP_SUMMARY
+ echo " - Build Name: ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY
+ echo " - Maven Repo URL: ${{env.RT_REPO_MVN_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY
+ echo " " >> $GITHUB_STEP_SUMMARY
+ # echo " - Evidence Info: " >> $GITHUB_STEP_SUMMARY
+
+ - name: "Curation: audit"
+ timeout-minutes: 15
+ continue-on-error: true
+ run: |
+ jf ca --format=table --threads=100
+
+ - name: "Xray & JAS: Audit"
+ timeout-minutes: 15
+ continue-on-error: true
+ run: |
+ jf audit --mvn --sast=true --sca=true --secrets=true --licenses=true --validate-secrets=true --vuln=true --format=table --extended-table=true --threads=100 --fail=false
+
+ - name: "Package: Create MVN Build"
+ run: | # -Djar.finalName=${{env.JAR_FINAL_NAME}}
+ jf mvn clean install -DskipTests=true -Denforcer.skip=true -f pom.xml --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}}
+
+ - name: "Package: Xray - mvn Artifact scan"
+ timeout-minutes: 15 # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes
+ continue-on-error: true # ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error
+ run: |
+ jf scan . --format=table --extended-table=true --threads=100 --fail=false
+
+ # Build Info
+ - name: "BuildInfo: Collect env"
+ run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
+
+ - name: "BuildInfo: Build Publish"
+ run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true
+
+ - name: "Evidence: Build Info"
+ continue-on-error: true
+ env:
+ EVD_JSON: "./target/build-info.json"
+ run: |
+ cat ${{env.EVD_JSON}}
+ jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ${{env.EVD_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}}
+
+ - name: "Evidence: Build Publish"
+ continue-on-error: true
+ run: |
+ echo '{ "actor": "${{github.actor}}", "pipeline": "github actions","build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-BuildPublish"}' > ./${{env.EVIDENCE_SPEC_JSON}}
+ cat ./${{env.EVIDENCE_SPEC_JSON}}
+ jf evd create --build-name ${{env.BUILD_NAME}} --build-number ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. 
APP_EVIDENCE_KEY_ALIAS}} + # echo " - Evidence for BUILD Publish attached. " >> $GITHUB_STEP_SUMMARY + + - name: "Optional: Add Builds to Indexing Configuration" + run: | + jf xr curl "/api/v1/binMgr/builds" -H 'Content-Type: application/json' -d '{"names": ["${{env.BUILD_NAME}}"] }' + + - name: "Optional: Query build info" + env: + BUILD_INFO_JSON: "BuildInfo-${{env.BUILD_ID}}.json" + run: | + jf rt curl "/api/build/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" -o ${{env.BUILD_INFO_JSON}} + cat ${{env.BUILD_INFO_JSON}} + + - name: "Sleep for few seconds" + env: + SLEEP_TIME: 30 + run: | + echo "Sleeping for ${{env.SLEEP_TIME}} seconds..." + sleep ${{env.SLEEP_TIME}} # Sleeping for 20 seconds before executing the build publish seems to have resolved the build-scan issue. This delay might be helping with synchronization or resource availability, ensuring a smooth build process. + echo "Awake now!" + + - name: "Optional: Query - Build Scan status" + run: | + jf xr curl "/api/v1/build/status" -H 'Content-Type: application/json' -d '{"name": "${{env.BUILD_NAME}}", "number": "${{env.BUILD_ID}}" }' + + - name: "Optional: Xray sbom-enrich" + run: | + jf se "target/classes/META-INF/sbom/application.cdx.json" --threads=100 + + - name: "BuildInfo: Xray - Build scan" + timeout-minutes: 15 + continue-on-error: true + run: | + jf bs ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --fail=false --format=table --extended-table=true --rescan=false --vuln=true + + - name: "Optional: Build Scan V2" + run: | + jf xr curl /api/v2/ci/build -H 'Content-Type: application/json' -d '{"build_name": "${{env.BUILD_NAME}}", "build_number": "${{env.BUILD_ID}}","rescan":false }' + + # Release Bundle v2 + - name: "RLM: RBv2 spec - create" + run: | + echo "{ \"files\": [ {\"build\": \"${{env.BUILD_NAME}}/${{env.BUILD_ID}}\", \"includeDeps\":\"false\"} ] }" > ${{env.RBv2_SPEC_JSON}} + + - name: "RLM: RBv2 Create NEW" + run: | + cat ${{env.RBv2_SPEC_JSON}} + + jf rbc ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --sync=true 
--signing-key=${{secrets.RBV2_SIGNING_KEY}} --spec=${{env.RBv2_SPEC_JSON}} + + - name: "Evidence: RBv2 state NEW" + continue-on-error: true + env: + VER_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName='${{env.BUILD_NAME}}'&bundleToFlash='${{env.BUILD_NAME}}'&releaseBundleVersion='${{env.BUILD_ID}}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion" + run: | + echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "NEW" }' > ${{env.EVIDENCE_SPEC_JSON}} + cat ${{env.EVIDENCE_SPEC_JSON}} + + jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}} + + + mvnRBv2PromoteDev: + name: "MVN: RBv2 Promote DEV" + needs: mvnPackage + runs-on: ubuntu-latest + env: + RBv2_ENV_VAL: "DEV" + BUILD_ID: "psj-mvn-${{github.run_number}}" + RT_REPO_MVN_VIRTUAL: "springpetclinic-mvn-virtual" + RT_REPO_DEV_LOCAL: "springpetclinic-mvn-dev-local" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}} + with: + version: latest #2.71.0 + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}" + run: | + jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_DEV_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}} + + - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}" + continue-on-error: true + run: | + echo '{ "actor": "${{github.actor}}", "pipeline": 
"github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "unittests": "100/100" }' > ./${{env.EVIDENCE_SPEC_JSON}} + cat ./${{env.EVIDENCE_SPEC_JSON}} + jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}} + + mvnRBv2PromoteQA: + name: "MVN: RBv2 Promote QA" + needs: mvnRBv2PromoteDev + runs-on: ubuntu-latest + env: + RBv2_ENV_VAL: "QA" + BUILD_ID: "psj-mvn-${{github.run_number}}" + RT_REPO_QA_LOCAL: "springpetclinic-mvn-qa-local" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}} + with: + version: latest #2.71.0 + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}" + run: | + jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_QA_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}} + + - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}" + continue-on-error: true + run: | + echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "QA-validation": "99/100" }' > ./${{env.EVIDENCE_SPEC_JSON}} + cat ./${{env.EVIDENCE_SPEC_JSON}} + jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key 
"${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}} + + mvnRBv2PromoteProd: + name: "MVN: RBv2 Promote Prod" + needs: mvnRBv2PromoteQA + runs-on: ubuntu-latest + env: + RBv2_ENV_VAL: "PROD" + BUILD_ID: "psj-mvn-${{github.run_number}}" + RT_REPO_PROD_LOCAL: "springpetclinic-mvn-prod-local" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}} + with: + version: latest #2.71.0 + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "RLM: RBv2 promote ${{env.RBv2_ENV_VAL}}" + run: | + jf rbp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} ${{env.RBv2_ENV_VAL}} --include-repos=${{env.RT_REPO_PROD_LOCAL}} --sync=true --signing-key=${{secrets.RBV2_SIGNING_KEY}} + + - name: "Evidence: RBv2 state ${{env.RBv2_ENV_VAL}}" + continue-on-error: true + run: | + echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-RBv2", "rbv2_stage": "${{env.RBv2_ENV_VAL}}", "prod-validation": "100/100"}' > ./${{env.EVIDENCE_SPEC_JSON}} + cat ./${{env.EVIDENCE_SPEC_JSON}} + jf evd create --release-bundle ${{env.BUILD_NAME}} --release-bundle-version ${{env.BUILD_ID}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. 
APP_EVIDENCE_KEY_ALIAS}} + + - name: "Optional: rbv2-summary" + continue-on-error: true + env: + NAME_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName=${{env.BUILD_NAME}}&bundleToFlash=${{env.BUILD_NAME}}&repositoryKey=release-bundles-v2&activeKanbanTab=promotion" + VER_LINK: "${{env.JF_RT_URL}}/ui/artifactory/lifecycle/?bundleName='${{env.BUILD_NAME}}'&bundleToFlash='${{env.BUILD_NAME}}'&releaseBundleVersion='${{env.BUILD_ID}}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion" + CURL_URL: "${{env.JF_RT_URL}}/lifecycle/api/v2/promotion/records/${{env.BUILD_NAME}}/${{env.BUILD_ID}}?async=false" + run: | + echo "# 📦 Release Lifecycle Management (RLM): RBv2 Summary :rocket: " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + echo "The Build Artifacts has elevated to the subsequent stages" >> $GITHUB_STEP_SUMMARY + RB2_STATUS_RESP=$(curl -v -G ${{env.CURL_URL}} -H 'Content-Type: application/json' -H "Authorization: Bearer ${{steps.setup-cli.outputs.oidc-token}}") + echo $RB2_STATUS_RESP > RBv2_STATUS-${{env.BUILD_ID}}.json + cat RBv2_STATUS-${{env.BUILD_ID}}.json + items=$(echo "$RB2_STATUS_RESP" | jq -c -r '.promotions[]') + for item in ${items[@]}; do + envVal=$(echo $item | jq -r '.environment') + crtVal=$(echo $item | jq -r '.created') + echo " - ${envVal} on ${crtVal} " >> $GITHUB_STEP_SUMMARY + done + echo " " >> $GITHUB_STEP_SUMMARY + echo " - Release bundle [${{env.BUILD_NAME}}](${{env.NAME_LINK}}):[${{env.BUILD_ID}}](${{env.VER_LINK}}) " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + + # Query build + - name: "Optional: Query build info" + env: + BUILD_INFO_JSON: "BuildInfo-${{env.BUILD_ID}}.json" + run: | + jf rt curl "/api/build/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" -o $BUILD_INFO_JSON + cat $BUILD_INFO_JSON + + mvnSaasDistribute: + name: "MVN: Distribute to SaaS JPDs & Edges" + needs: mvnRBv2PromoteProd + runs-on: ubuntu-latest + env: + 
BUILD_ID: "psj-mvn-${{github.run_number}}" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: "ERROR" + with: + version: latest #2.71.0 + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + # ref: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#distribute-a-release-bundle-v2 + - name: "RBv2 Distribute to SaaS Artifactory and edges" + run: | + jf rbd ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --sync=true --create-repo=true + + # refer: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#download-release-bundle-v2-content + - name: "Download RBv2 from SaaS Artifactory" + run: | + jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100 + + - name: "Query Distribution status" # https://psazuse.jfrog.io/lifecycle/api/v2/distribution/trackers/spring-petclinic/ga-49 + run: | + jf rt curl "/lifecycle/api/v2/distribution/trackers/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" + + - name: "Info list" + run: | + pwd + ls -lR . 
+ - name: "Optional Saas Artifactory summary" + continue-on-error: true + env: + CURL_URL: "${{env.JF_RT_URL}}/lifecycle/api/v2/distribution/trackers/${{env.BUILD_NAME}}/${{env.BUILD_ID}}" + run: | + echo "# :frog: Download package from SaaS 📦 " >> $GITHUB_STEP_SUMMARY + echo " - Download RBv2 from Artifactory [${{env.JF_RT_URL}}](${{env.JF_RT_URL}}) to " >> $GITHUB_STEP_SUMMARY + RB2_DISTRIBUTE_RESP=$(curl -v -G ${{env.CURL_URL}} -H 'Content-Type: application/json' -H "Authorization: Bearer ${{steps.setup-cli.outputs.oidc-token}}") + echo $RB2_DISTRIBUTE_RESP > RB2_DISTRIBUTE-${{env.BUILD_ID}}.json + cat RB2_DISTRIBUTE-${{env.BUILD_ID}}.json + items=$(echo "$RB2_DISTRIBUTE_RESP" | jq -c -r '.[] .targets[]') + for item in ${items[@]}; do + echo $item + echo " - [${item}.jfrog.io](https://${item}.jfrog.io) " >> $GITHUB_STEP_SUMMARY + done + echo " " >> $GITHUB_STEP_SUMMARY + + mvnSleepAfterDistribution: + name: "MVN: SYNC Sleep few seconds" + needs: mvnSaasDistribute + runs-on: ubuntu-latest + env: + SLEEP_TIME: 60 + steps: + - name: "Sleep for ${{env.SLEEP_TIME}} seconds" + run: | + echo "Sleeping for ${{env.SLEEP_TIME}} seconds..." + sleep ${{env.SLEEP_TIME}} + echo "Awake now!" 
+ + mvnDownloadRBv2FromSaasPsAzUse: + name: "MVN: Download RBv2 from SaaS ${{vars.JF_NAME}} Artifactory" + needs: mvnSaasDistribute + runs-on: ubuntu-latest + continue-on-error: true + env: + BUILD_ID: "psj-mvn-${{github.run_number}}" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: "ERROR" + with: + version: latest + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "Artifactory config show" + run: | + jf config show + + - name: "Download RBv2 from ${{vars.JF_NAME}} SaaS" + run: | + jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100 + + - name: "Info list" + run: | + pwd + ls -lR . + + - name: "Optional: Saas ${{vars.JF_RT_URL}} Artifactory summary" + run: | + echo "# :frog: Download package from SaaS ${{vars.JF_URL}} 📦 " >> $GITHUB_STEP_SUMMARY + echo " - Download RBv2 from SaaS Artifactory [${{env.JF_URL}}](${{env.JF_URL}}) " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + + mvnDownloadRBv2FromSaasSolEng: + name: "MVN: Download RBv2 from SaaS ${{vars.JF_NAME_2}} Artifactory" + needs: mvnSleepAfterDistribution + runs-on: ubuntu-latest + continue-on-error: true + env: + JF_URL: "https://${{vars.JF_NAME_2}}.jfrog.io" + BUILD_ID: "psj-mvn-${{github.run_number}}" + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: "${{env.JF_URL}}" + JFROG_CLI_LOG_LEVEL: "ERROR" + with: + version: latest + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "Artifactory config show" + run: | + jf config show + + - name: "Download RBv2 from ${{vars.JF_NAME_2}} SaaS" + run: | + jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} 
--detailed-summary=true --threads=100 + + - name: "Info list" + run: | + pwd + ls -lR . + + - name: "Optional: Saas ${{vars.JF_NAME_2}} Artifactory summary" + run: | + echo "# :frog: Download package from SaaS ${{vars.JF_URL}} 📦 " >> $GITHUB_STEP_SUMMARY + echo " - Download RBv2 from SaaS Artifactory [${{vars.JF_NAME_2}}](${{env.JF_URL}}) " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + + mvnDownloadRBv2FromSaasEdge: + name: "MVN: Download RBv2 from SaaS ${{vars.JF_EDGE_NAME}} Edge" + needs: mvnSleepAfterDistribution + runs-on: ubuntu-latest + continue-on-error: true + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + env: + JF_EDGE_URL: "https://${{vars.JF_EDGE_NAME}}.jfrog.io" + BUILD_ID: "psj-mvn-${{github.run_number}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_EDGE_URL}} + JFROG_CLI_LOG_LEVEL: "ERROR" + with: + version: latest + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "Edge config show" + run: | + jf config show + + # refer: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/binaries-management-with-jfrog-artifactory/release-lifecycle-management#download-release-bundle-v2-content + - name: "Download RBv2 from SaaS Edge" + run: | + jf rt dl --bundle ${{env.BUILD_NAME}}/${{env.BUILD_ID}} --detailed-summary=true --threads=100 + + - name: "Info list" + run: | + pwd + ls -lR . 
+ + - name: "Optional: Saas ${{vars.JF_EDGE_NAME}} Edge summary" + run: | + echo "# :frog: Download package from SaaS ${{vars.JF_EDGE_URL}} 📦 " >> $GITHUB_STEP_SUMMARY + echo " - Download RBv2 from Edge [${{vars.JF_EDGE_NAME}}](${{env.JF_EDGE_URL}}) " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + + + # Gradle using Federated repositories + gradlePackage: + name: "Gradle" + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest] + java: [17 ] + include: + - language: ['java-kotlin'] + build-mode: none + env: + JAVA_PROVIDER: 'corretto' + JAVA_VERSION: '17' + RT_REPO_GRADLE_VIRTUAL: 'springpetclinic-gradle-virtual' + RT_REPO_GRADLE_DEFAULT_LOCAL: 'springpetclinic-gradle-snapshot-fed-local' # springpetclinic-gradle-dev-fed-local + BUILD_ID: "psj-gdl-${{github.run_number}}" + runs-on: ${{matrix.os}} + timeout-minutes: 20 # ref https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes + defaults: + run: + working-directory: "${{env.DEFAULT_WORKSPACE}}" + steps: + - name: "Setup JFrog CLI" + uses: jfrog/setup-jfrog-cli@v4 + id: setup-cli + env: + JF_URL: ${{env.JF_RT_URL}} + JFROG_CLI_LOG_LEVEL: ${{env.JFROG_CLI_LOG_LEVEL}} + JFROG_CLI_RELEASES_REPO: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_GRADLE_VIRTUAL}}' + JFROG_CLI_EXTRACTORS_REMOTE: '${{env.JF_RT_URL}}/artifactory/${{env.RT_REPO_GRADLE_VIRTUAL}}' + JF_GIT_TOKEN: ${{secrets.GITHUB_TOKEN}} + with: + version: latest + oidc-provider-name: ${{vars.JF_OIDC_PROVIDER_NAME}} + disable-job-summary: ${{env.JOB_SUMMARY}} + + - name: "Clone VCS" + uses: actions/checkout@v4 # ref: https://github.com/actions/checkout + + - name: "Java provider = ${{env.JAVA_PROVIDER}} with ver = ${{env.JAVA_VERSION}} " + uses: actions/setup-java@v4 # ref https://github.com/actions/setup-java + with: + distribution: ${{env.JAVA_PROVIDER}} # corretto + java-version: ${{env.JAVA_VERSION}} # 17 + + - name: "Setup Gradle" # ref 
https://docs.github.com/en/enterprise-cloud@latest/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle + uses: gradle/actions/setup-gradle@v4 # v4.0.0 + with: + gradle-version: release-candidate + - name: "Software version" + run: | + # JFrog CLI version + jf --version + # Ping the server + jf rt ping + # Java + java -version + # Gradle + gradle -v + # jf config + jf config show + + - name: "Config jf with gradle repos" + run: | + jf gradlec --repo-deploy ${{env.RT_REPO_GRADLE_VIRTUAL}} --repo-resolve ${{env.RT_REPO_GRADLE_VIRTUAL}} --repo-deploy ${{env.RT_REPO_GRADLE_VIRTUAL}} + + - name: "list folder" + run: | + pwd + tree . + + - name: "Gradle: summary" + run: | + echo "# :frog: Gradle: Summary :pushpin:" >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + echo " - Installed JFrog CLI [${jfcliv}](https://jfrog.com/getcli/) and Java [${{env.JAVA_PROVIDER}}](https://github.com/actions/setup-java) v${{env.JAVA_VERSION}} " >> $GITHUB_STEP_SUMMARY + echo " - $(jf --version) " >> $GITHUB_STEP_SUMMARY + # echo " - $(gradle -v) " >> $GITHUB_STEP_SUMMARY + echo " - Configured the JFrog Cli with SaaS Artifactory OIDC integration " >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + echo " - Variables info" >> $GITHUB_STEP_SUMMARY + echo " - ID: ${{env.BUILD_ID}} " >> $GITHUB_STEP_SUMMARY + echo " - Build Name: ${{env.BUILD_NAME}} " >> $GITHUB_STEP_SUMMARY + echo " - Gradle Repo URL: ${{env.RT_REPO_GRADLE_VIRTUAL}}" >> $GITHUB_STEP_SUMMARY + echo " " >> $GITHUB_STEP_SUMMARY + + # Package + - name: "Package: Create Build" + run: | + jf gradle clean artifactoryPublish -x test -b ./build.gradle --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}} + + - name: "Evidence: Artifact" + continue-on-error: true + env: + REPO_JAR: "${{env.RT_REPO_GRADLE_DEFAULT_LOCAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.4.0/${{env.BUILD_NAME}}-3.4.0-plain.jar" # 
/krishnam-gdl-dev-fed/org/springframework/samples/spring-petclinic/3.4.0/ + # REPO_JAR: "${{env.RT_REPO_GRADLE_VIRTUAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.4.0/${{env.BUILD_NAME}}-3.4.0-plain.jar" # krishnam-gradle-virtual/org/springframework/samples/spring-petclinic/3.4.0/spring-petclinic-3.4.0-plain.jar + run: | + echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-Artifact", "artifact": "${{env.REPO_JAR}}" }' > ./${{env.EVIDENCE_SPEC_JSON}} + cat ./${{env.EVIDENCE_SPEC_JSON}} + + jf evd create --subject-repo-path ${{env.REPO_JAR}} --key "${{secrets.APP_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets. APP_EVIDENCE_KEY_ALIAS}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1 + + echo " - TODO: Evidence for ARTIFACT attached " >> $GITHUB_STEP_SUMMARY + + # Build Info + # US + # Executive Order: + # https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ + # https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity + # US Dept of Commerce: https://www.ntia.gov/page/software-bill-materials + # US Cyber Defence Agency: https://www.cisa.gov/sbom + # NIST: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1 + # NITA: https://www.ntia.gov/page/software-bill-materials + # Centers for Medicare & Medicaid Services: https://security.cms.gov/learn/software-bill-materials-sbom + # India + # CERT-IN: https://www.cert-in.org.in/sbom/ + - name: "BuildInfo: Collect env" + run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}} + + - name: "BuildInfo: Add VCS info" + run: jf rt bag ${{env.BUILD_NAME}} ${{env.BUILD_ID}} + + - name: "BuildInfo: Build Publish" + run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true \ No newline at end of 
file
diff --git a/.gitignore b/.gitignore
index d2767ad28..59c679c66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,8 @@ out/
 _site/
 *.css
 !petclinic.css
+
+*.jfrog
+.gradle
+.mvn
+target/
\ No newline at end of file
diff --git a/jfcli.sh b/jfcli.sh
new file mode 100755
index 000000000..e6138dff3
--- /dev/null
+++ b/jfcli.sh
@@ -0,0 +1,9 @@
+
+export JF_NAME="psazuse" JFROG_CLI_LOG_LEVEL="DEBUG"
+export JF_RT_URL="https://${JF_NAME}.jfrog.io" RT_REPO_VIRTUAL="krishnam-mvn-virtual"
+
+export BUILD_NAME="spring-petclinic" BUILD_ID="cmd.$(date '+%Y-%m-%d-%H-%M')"
+
+jf mvnc --global --repo-resolve-releases ${RT_REPO_VIRTUAL} --repo-resolve-snapshots ${RT_REPO_VIRTUAL}
+
+jf mvn clean install --build-name=${BUILD_NAME} --build-number=${BUILD_ID}
\ No newline at end of file
diff --git a/jfrog/Dockerfile b/jfrog/Dockerfile
new file mode 100755
index 000000000..ae599fe2a
--- /dev/null
+++ b/jfrog/Dockerfile
@@ -0,0 +1,17 @@
+# base image https://hub.docker.com/layers/library/openjdk/17-jdk-alpine/
+# FROM openjdk:17-jdk-alpine
+# https://hub.docker.com/_/amazoncorretto/
+FROM psazuse.jfrog.io/springpetclinic-docker-virtual/amazoncorretto:17-alpine-jdk
+
+# Set environment variables ref: https://docs.docker.com/build/building/variables/#env-usage-example
+ARG JAR_FILE
+# ENV JAR_FILE=spring-petclinic-3.5.0-SNAPSHOT.jar
+
+WORKDIR /app
+
+COPY target/${JAR_FILE} /app/
+
+# Set the command to run the Spring Boot application
+# java -jar target/spring-petclinic-3.2.0-SNAPSHOT.jar --server.port=7080
+# CMD java -jar ${JAR_FILE}
+CMD ["java", "-jar", ${JAR_FILE}]
\ No newline at end of file
diff --git a/jfrog/README.md b/jfrog/README.md
new file mode 100644
index 000000000..8125cc35d
--- /dev/null
+++ b/jfrog/README.md
@@ -0,0 +1,2 @@
+# Spring-PetClinic screenshots in JFrog & GitHub
+
diff --git a/spring-petclinic.code-workspace b/spring-petclinic.code-workspace
new file mode 100644
index 000000000..876a1499c
--- /dev/null
+++ b/spring-petclinic.code-workspace
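Review bot: The `.mvn` entry in the .gitignore hunk ignores the whole directory, which will keep any Maven wrapper files under `.mvn/wrapper/` out of future commits if that directory is, or later becomes, tracked; if only CLI-generated state is meant, narrow it to the specific generated path rather than the directory. The `*.jfrog` pattern matches any path ending in `.jfrog`; if the target is the JFrog CLI's project config directory, `.jfrog/` is the precise pattern. Whether `target/` was already covered by an earlier rule cannot be seen from this hunk.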
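Review bot: jfcli.sh is added as an executable (mode 100755) but has no interpreter line and no failure handling, so a failed `jf mvnc` is ignored and `jf mvn clean install` still runs against whatever configuration was left behind; add `#!/usr/bin/env bash` and `set -euo pipefail` as the first two lines. The tenant name `psazuse` and `JFROG_CLI_LOG_LEVEL="DEBUG"` are hard-coded, which ties the script to one account and makes verbose debug output the default; reading `JF_NAME` from the environment with a documented default and leaving the log level at its normal value would make it reusable. The unquoted `${RT_REPO_VIRTUAL}`, `${BUILD_NAME}` and `${BUILD_ID}` expansions should also be double-quoted for consistency with the exports above them.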
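Review bot: `CMD ["java", "-jar", ${JAR_FILE}]` is not a valid JSON array, so Docker treats it as shell form and runs the literal bracketed text, and `JAR_FILE` exists only as a build-time `ARG` (the `ENV` line above it is commented out), so it is unset at run time in any case; the container cannot start as written. Copying the jar to a fixed name removes the runtime dependency on the variable: `COPY target/${JAR_FILE} /app/app.jar` and `CMD ["java", "-jar", "/app/app.jar"]`. The image also runs the application as root and pins the base image by tag only; add `USER 65534:65534` before `CMD` and consider pinning the `FROM` reference by digest so the virtual repository cannot silently serve a different base layer.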
@@ -0,0 +1,8 @@
+{
+"folders": [
+{
+"path": "."
+}
+],
+"settings": {}
+}
\ No newline at end of file