diff --git a/.github/workflows/Petclinic CI b/.github/workflows/Petclinic CI new file mode 100644 index 000000000..b04ba24cf --- /dev/null +++ b/.github/workflows/Petclinic CI @@ -0,0 +1,64 @@ +name: PetClinic CI + +on: + push: + branches: [ "main" ] + pull_request: # Added to allow Frogbot to scan incoming PRs + workflow_dispatch: + +jobs: + build-and-publish: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + pull-requests: write # Required for Frogbot to comment on PRs + security-events: write + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + cache: 'maven' + + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ secrets.JF_URL }} + with: + version: latest + oidc-provider-name: github-oidc + oidc-audience: jfrog-github + + # --- START FROGBOT SCAN --- + - name: Frogbot Scan + uses: jfrog/frogbot@v2 + env: + JF_URL: ${{ secrets.JF_URL }} + # Frogbot uses the OIDC configuration from the setup-jfrog-cli step + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # --- END FROGBOT SCAN --- + + - name: Build and Test + run: ./mvnw clean test + + - name: Build Docker Image + run: | + ./mvnw spring-boot:build-image \ + -Dspring-boot.build-image.imageName=petclinic-app:${{ github.run_number }} + + - name: Publish to JFrog + run: | + JF_HOST=$(echo "${{ secrets.JF_URL }}" | sed 's|https://||' | sed 's|/||g') + DOCKER_REPO="docker-local" + IMAGE_NAME="petclinic-app:${{ github.run_number }}" + REMOTE_TAG="$JF_HOST/$DOCKER_REPO/$IMAGE_NAME" + + docker tag "$IMAGE_NAME" "$REMOTE_TAG" + jf docker push "$REMOTE_TAG" --build-name=petclinic-trial --build-number=${{ github.run_number }} + jf rt bp petclinic-trial ${{ github.run_number }} diff --git a/.github/workflows/build-publish-scan.yml b/.github/workflows/build-publish-scan.yml new file mode 100644 index 000000000..40374550e --- /dev/null 
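Review bot: The `pull_request:` trigger added for Frogbot also runs the "Build Docker Image" and "Publish to JFrog" steps for pull-request code, so any PR (including whatever `./mvnw` wrapper and build plugins it brings) is built and pushed to `docker-local` with build-info, because nothing in the job is gated on the event. Gate the publish path, e.g. `if: github.event_name != 'pull_request'` on the "Build Docker Image" and "Publish to JFrog" steps, or move the Frogbot scan into its own job with only `contents: read` and `pull-requests: write`. Note also that `.github/workflows/Petclinic CI` has no `.yml`/`.yaml` extension (and contains a space), so GitHub will not register it as a workflow at all; rename it, e.g. `petclinic-ci.yml`. The comment says Frogbot reuses the OIDC configuration from the setup-jfrog-cli step, but unlike the other two workflows in this commit the `jfrog/frogbot@v2` step passes no `oidc-provider-name`/`oidc-audience` under `with:` — confirm it authenticates without them, and remember that on PRs from forks `GITHUB_TOKEN` is read-only and no OIDC token is issued, so `pull-requests: write` and `id-token: write` are not honored there.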
+++ b/.github/workflows/build-publish-scan.yml @@ -0,0 +1,69 @@ +name: build-publish-scan + +on: + push: + branches: + - feature/test-change + workflow_dispatch: {} + +permissions: + contents: read + pull-requests: write + id-token: write # Required for OIDC handshake + +jobs: + build-and-scan: + name: Build, Publish, and Scan + runs-on: ubuntu-latest + + env: + JF_URL: ${{ secrets.JF_URL }} + JF_REPO: "maven-repo" # Using your newly created repo + BUILD_NAME: "spring-petclinic-build" + BUILD_NUMBER: ${{ github.run_number }} + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + + # 1. Setup JFrog CLI with OIDC + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + with: + oidc-provider-name: github-oidc + oidc-audience: jfrog-github + + # 2. Build Project + - name: Build with Maven + run: ./mvnw -B -DskipTests package + + # 3. Publish Artifact (Fixes the 405 error by using the explicit repo key) + - name: Publish artifact to Artifactory + run: | + jf rt upload "target/*.jar" "${{ env.JF_REPO }}/petclinic/${{ env.BUILD_NUMBER }}/" \ + --build-name="${{ env.BUILD_NAME }}" \ + --build-number="${{ env.BUILD_NUMBER }}" \ + --flat=false + + # 4. Publish Build Info (Required for Xray to scan the build) + - name: Publish Build Info + run: | + jf rt build-collect-env ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} + jf rt bp ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} + + # 5. Run Frogbot Xray Scan + - name: Run Frogbot Scan + uses: jfrog/frogbot@v2 + env: + JF_URL: ${{ env.JF_URL }} + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + oidc-provider-name: github-oidc + oidc-audience: jfrog-github \ No newline at end of file diff --git a/.github/workflows/frogbot-scan-pull-request.yaml b/.github/workflows/frogbot-scan-pull-request.yaml new file mode 100644 index 000000000..a5e0a6e61 --- /dev/null 
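Review bot: The JAR is uploaded to Artifactory (step 3) and its build-info published (step 4) before any scan runs, and the Frogbot step at the end only reports findings, so a build with known-vulnerable dependencies still lands in `maven-repo` and is never blocked. If the intent is to keep vulnerable artifacts out of the repo, run a failing scan first, e.g. `jf audit --mvn` right after "Build with Maven" (its exit status follows the Xray policies configured for the project), or at least `jf build-scan "${{ env.BUILD_NAME }}" "${{ env.BUILD_NUMBER }}"` after `jf rt bp`; the step-4 comment that publishing build-info is what makes Xray scan the build only holds when a watch/policy covers that build, so verify one exists. With `--flat=false` the upload should also keep the source directory, so the file lands under `maven-repo/petclinic/<run>/target/` rather than directly under the run folder. `permissions: pull-requests: write` is granted although the workflow has no `pull_request` trigger; drop it unless Frogbot's push-mode scan is known to need it.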
+++ b/.github/workflows/frogbot-scan-pull-request.yaml 
@@ -0,0 +1,73 @@ +name: build-publish-scan + +on: + push: + branches: + - feature/test-change + workflow_dispatch: {} + +permissions: + contents: read + pull-requests: write + id-token: write # Required for OIDC authentication + +jobs: + build-and-scan: + name: Build, Publish, and Scan + runs-on: ubuntu-latest + + # Setting environment variables at the job level for consistency + env: + JF_URL: ${{ secrets.JF_URL }} + JF_REPO: ${{ secrets.JF_REPO }} + BUILD_NAME: "maven-build-scan" + BUILD_NUMBER: ${{ github.run_number }} + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + + # 1. Setup JFrog CLI using OIDC + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + with: + oidc-provider-name: github-oidc + oidc-audience: jfrog-github + + - name: Build with Maven + run: ./mvnw -B -DskipTests package + + # 2. Upload Artifacts (Fixes the 405 error by using clean paths) + - name: Publish artifact to Artifactory + run: | + # We use jf rt upload. + # The target path should be: REPO_NAME/FOLDER_NAME/ + # If JF_REPO is "maven-dev-local", this uploads to maven-dev-local/builds/3/ + jf rt upload "target/*.jar" "${{ secrets.JF_REPO }}/builds/${{ github.run_number }}/" \ + --build-name="${{ env.BUILD_NAME }}" \ + --build-number="${{ env.BUILD_NUMBER }}" \ + --flat=false + + # 3. Publish Build Info (Tells Xray exactly what to scan) + - name: Publish Build Info + run: | + jf rt build-collect-env ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} + jf rt bp ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} + + # 4. Trigger Frogbot Scan + # This will scan the PR/Branch and post security findings + - name: Run Frogbot Scan + uses: jfrog/frogbot@v2 + env: + JF_URL: ${{ env.JF_URL }} + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + oidc-provider-name: github-oidc + oidc-audience: jfrog-github \ No newline at end of file 
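Review bot: This file is named `frogbot-scan-pull-request.yaml` and the comment on the last step says it scans the PR, but the only triggers are `push` to `feature/test-change` and `workflow_dispatch`, so Frogbot never runs in pull-request mode and `pull-requests: write` is unused. Either add a `pull_request:` trigger — and then gate the upload and build-info steps with `if: github.event_name != 'pull_request'` so PR code is not pushed to Artifactory — or rename the workflow to match what it does. It also reuses `name: build-publish-scan` from `build-publish-scan.yml`, so two near-identical workflows appear under one name in the Actions UI. `JF_REPO` is taken from `secrets.JF_REPO` and interpolated directly into the upload target; a repository key is not a secret, and storing it as one masks it in logs and makes failed uploads hard to debug — prefer a plain job-level env value and `"${JF_REPO}/builds/${BUILD_NUMBER}/"` read from the environment.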
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..fffd3d83f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,57 @@ +name: PetClinic to Artifactory + +on: + push: + branches: [ "main" ] + workflow_dispatch: + +jobs: + build-and-publish: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + cache: 'maven' + + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ secrets.JF_URL }} + with: + version: latest + oidc-provider-name: github-oidc + oidc-audience: jfrog-github + + - name: Build and Test + run: ./mvnw clean test + + - name: Build Docker Image + run: | + ./mvnw spring-boot:build-image \ + -Dspring-boot.build-image.imageName=petclinic-app:${{ github.run_number }} + + - name: Publish to JFrog + run: | + # Clean URL to get Hostname (e.g., myinstance.jfrog.io) + JF_HOST=$(echo "${{ secrets.JF_URL }}" | sed 's|https://||' | sed 's|/||g') + + DOCKER_REPO="docker-local" + IMAGE_NAME="petclinic-app:${{ github.run_number }}" + REMOTE_TAG="$JF_HOST/$DOCKER_REPO/$IMAGE_NAME" + + # Tag, Push, and Publish Build Info + docker tag "$IMAGE_NAME" "$REMOTE_TAG" + + jf docker push "$REMOTE_TAG" --build-name=petclinic-trial --build-number=${{ github.run_number }} + + jf rt bp petclinic-trial ${{ github.run_number }} diff --git a/src/main/java/org/springframework/samples/petclinic/model/BaseEntity.java b/src/main/java/org/springframework/samples/petclinic/model/BaseEntity.java index 6babed56d..eed0cfba2 100644 --- a/src/main/java/org/springframework/samples/petclinic/model/BaseEntity.java +++ b/src/main/java/org/springframework/samples/petclinic/model/BaseEntity.java 
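Review bot: Every third-party action is pinned to a mutable major tag (`actions/checkout@v4`, `actions/setup-java@v4`, `jfrog/setup-jfrog-cli@v4`) and the JFrog CLI is fetched with `version: latest`, so the toolchain that receives the OIDC-issued Artifactory credential can change under this workflow without any commit to the repo. Pin each action to a full commit SHA with a `# vX.Y.Z` comment and pin the CLI to an explicit release, e.g. `version: '2.x.y'` (use the current one). In the "Publish to JFrog" step `${{ secrets.JF_URL }}` is template-expanded into the shell script text, while the `JF_URL` env from the setup step is not visible there (step-level `env` applies only to that step); set `JF_URL` at job level and read `"$JF_URL"` from the environment instead of expanding a secret into `run:`. The `sed 's|https://||'` derivation also silently yields a wrong registry host if the URL uses `http://` or carries a path — consider failing when the result still contains `://` or `/`.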
@@ -48,4 +48,8 @@ public class BaseEntity implements Serializable { return this.id == null; } + public void helloWorld() { + System.out.println("Hello World!"); + } + }
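Review bot: `helloWorld()` adds a `System.out.println` to the JPA base class every model entity inherits, with no caller anywhere in this change; it reads as a placeholder edit to exercise the new CI workflows rather than production code. Remove it before merge, or if a smoke change is needed to trigger the pipeline, make it in a test class so the entity model is not left carrying a debug print. `BaseEntity` begins outside this hunk.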