diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index 421ff2ff6..1840ca991 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -1,69 +1,120 @@ -name: CI with JFrog +name: Build with JFrog CLI (Forcing New Extractor) on: push: branches: - main - develop - pull_request: - branches: [ "main" ] -env: - # Define variables for build name and number for reuse - BUILD_NAME: spring-petclinic - # Use run_number for a simple, incrementing build number - BUILD_NUMBER: ${{ github.run_number }} + pull_request: + branches: [ "main" ] # Trigger workflow on pull requests targeting main jobs: - build-and-scan: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 + build: + runs-on: ubuntu-latest # Use the latest Ubuntu runner for execution + steps: + ################################################# + # 1) Checkout the repository to the runner + ################################################# + - name: Checkout + uses: actions/checkout@v4 # Pulls the latest code from the repository + + ################################################# + # 2) Set up Java environment + ################################################# - name: Set up JDK 17 uses: actions/setup-java@v3 with: - distribution: 'temurin' - java-version: '17' + distribution: 'temurin' # Use Eclipse Temurin JDK (OpenJDK) + java-version: '17' # Ensure Java 17 is installed + ################################################# + # 3) Install and Configure JFrog CLI + ################################################# - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v4 + uses: jfrog/setup-jfrog-cli@v4 # Official JFrog CLI GitHub Action + id: setup-cli env: - JF_URL: ${{ secrets.JF_URL }} - JF_USER: ${{ secrets.JF_USER }} - JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + JF_URL: ${{secrets.JF_RT_URL}} # Artifactory base URL (stored as a GitHub secret) + JFROG_CLI_RELEASES_REPO: 'https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/' + JFROG_CLI_EXTRACTORS_REMOTE: 'https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/' + JF_GIT_TOKEN: ${{secrets.GH_TOKEN}} # GitHub token for authentication + JF_USER: ${{secrets.ARTIFACTORY_USERNAME}} # Artifactory username + JF_PASSWORD: ${{secrets.ARTIFACTORY_IDENTITY_TOKEN}} # Artifactory identity token - - name: Configure Maven Repositories - run: | - jf mvnc \ - --repo-resolve-releases jesseh-maven-dev-virtual \ - --repo-resolve-snapshots jesseh-maven-dev-virtual \ - --repo-deploy-releases jesseh-maven-dev-local \ - --repo-deploy-snapshots jesseh-maven-dev-local - - - name: Run Maven Build + ################################################# + # 4) Clean the local Maven cache (optional but recommended) + ################################################# + - name: Clear local Maven cache + run: rm -rf ~/.m2/repository # Ensures a clean build by removing old dependencies + + - name: Ensure mvnw is executable + run: chmod +x mvnw # Make the Maven wrapper script executable + + ################################################# + # 5) Verify JFrog connection + ################################################# + - name: ping jfrog + run: jf rt ping + + ################################################# + # 6) Configure Maven to use JFrog as a repository + ################################################# + - name: configure maven + run: jf mvnc --global --repo-resolve-releases jesseh-maven-dev-virtual/ --repo-resolve-snapshots jesseh-maven-dev-virtual/ + # This sets up JFrog CLI to resolve dependencies from Artifactory + + ################################################# + # 7) Build project using JFrog CLI with Maven + ################################################# + - name: Maven Build With JFrog CLI run: | jf mvn clean install \ - --build-name=${{ env.BUILD_NAME }} \ - --build-number=${{ env.BUILD_NUMBER }} + -DskipTests=true -Denforcer.skip=true \ + --build-name="spring-petclinic" \ + --build-number="${{ github.run_id }}" - - name: Login to JFrog Docker Registry + ################################################# + # 8) Scan with XRay + ################################################# + - name: Scan Artifact + run: | + latest_jar=$(find target -name "*.jar" | sort | tail -n 1) + echo "Scanning: $latest_jar" + jf scan "$latest_jar" + + ################################################# + # 9) Build Docker image with local Docker + ################################################# + - name: Login to JFrog Docker Repo uses: docker/login-action@v3 with: - registry: ${{ secrets.JF_URL }} - username: ${{ secrets.JF_USER }} - password: ${{ secrets.JF_PASSWORD }} - - - name: Build and Push Docker Image + registry: ${{ secrets.JF_RT_URL }} + username: ${{ secrets.ARTIFACTORY_USERNAME }} + password: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }} + + - name: Build Docker Image run: | - export DOCKER_IMAGE_TAG="${{ secrets.JF_URL }}/jesseh-docker-dev-local/spring-petclinic:${{ env.BUILD_NUMBER }}" - docker build -t $DOCKER_IMAGE_TAG . - jf docker push $DOCKER_IMAGE_TAG \ - --build-name=${{ env.BUILD_NAME }} \ - --build-number=${{ env.BUILD_NUMBER }} + docker build -t soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }} . - - name: Publish and Scan Build Info + ################################################# + # 10) Push Docker image using JFrog CLI + ################################################# + - name: Push Docker Image to Artifactory run: | - jf rt build-publish ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} - jf bs --fail-build=true ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }} \ No newline at end of file + jf docker push \ + soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }} \ + --build-name="spring-petclinic" \ + --build-number="${{ github.run_id }}" + + ################################################# + # 9) Publish Build Information to JFrog + ################################################# + - name: Publish Build Info + run: | + jfrog rt build-collect-env # Collect environment variables + jfrog rt build-add-dependencies . # Add dependencies found in the current directory + jfrog rt build-add-git # Add Git commit information + jfrog rt build-publish "spring-petclinic" "${{ github.run_id }}" + # Publishes build metadata (dependencies, artifacts, environment) to JFrog \ No newline at end of file