mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2026-01-19 01:51:11 +00:00
123 lines
4.3 KiB
YAML
123 lines
4.3 KiB
YAML
name: Build with JFrog CLI (Forcing New Extractor)
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main", "develop" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
|
|
# One build per run — everything uses the same build name/number
|
|
env:
|
|
JFROG_CLI_BUILD_NAME: jesseh-spring-petclinic
|
|
JFROG_CLI_BUILD_NUMBER: ${{ github.run_id }}
|
|
|
|
steps:
|
|
#################################################
|
|
# 1) Checkout
|
|
#################################################
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
#################################################
|
|
# 2) Java
|
|
#################################################
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v3
|
|
with:
|
|
distribution: temurin
|
|
java-version: '17'
|
|
|
|
#################################################
|
|
# 3) JFrog CLI
|
|
#################################################
|
|
- name: Setup JFrog CLI
|
|
uses: jfrog/setup-jfrog-cli@v4
|
|
id: setup-cli
|
|
env:
|
|
JF_URL: ${{ secrets.JF_RT_URL }}
|
|
JFROG_CLI_RELEASES_REPO: https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/
|
|
JFROG_CLI_EXTRACTORS_REMOTE: https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/
|
|
JF_GIT_TOKEN: ${{ secrets.GH_TOKEN }}
|
|
JF_USER: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
JF_PASSWORD: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }}
|
|
|
|
#################################################
|
|
# 4) Prep
|
|
#################################################
|
|
- name: Clear local Maven cache
|
|
run: rm -rf ~/.m2/repository
|
|
|
|
- name: Ensure mvnw is executable
|
|
run: chmod +x mvnw
|
|
|
|
- name: Ping JFrog
|
|
run: jf rt ping
|
|
|
|
- name: Configure Maven to resolve via Artifactory
|
|
run: jf mvnc --global --repo-resolve-releases jesseh-maven-dev-virtual/ --repo-resolve-snapshots jesseh-maven-dev-virtual/
|
|
|
|
|
|
|
|
#################################################
|
|
# 6) Build with Maven (attached to build via env)
|
|
#################################################
|
|
- name: Maven Build With JFrog CLI
|
|
run: |
|
|
jf mvn clean install \
|
|
-DskipTests=true -Denforcer.skip=true
|
|
#################################################
|
|
# 5) SAST/SCA (Associated with an Xray Watch)
|
|
#################################################
|
|
- name: JFrog Audit (SAST & SCA)
|
|
# Associate the scan with one or more Xray Watches for policy enforcement.
|
|
# This is the correct method if you are not using JFrog Projects.
|
|
run: |
|
|
jf audit \
|
|
--watches=jesseh-security \
|
|
--fail=true
|
|
|
|
#################################################
|
|
# 7) Scan produced artifact (on-demand scan)
|
|
#################################################
|
|
- name: Scan Artifact
|
|
run: |
|
|
latest_jar=$(find target -name "*.jar" | sort | tail -n 1)
|
|
echo "Scanning: $latest_jar"
|
|
jf scan "$latest_jar"
|
|
|
|
#################################################
|
|
# 8) Build & Push Docker image
|
|
#################################################
|
|
- name: Login to JFrog Docker Repo
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ secrets.JF_RT_URL }}
|
|
username: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
password: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }}
|
|
|
|
- name: Build Docker Image
|
|
run: |
|
|
docker build -t soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }} .
|
|
|
|
- name: Push Docker Image to Artifactory
|
|
run: |
|
|
jf docker push soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }}
|
|
|
|
#################################################
|
|
# 9) Publish Build Info (all commands use env build name/number)
|
|
#################################################
|
|
- name: Publish Build Info
|
|
run: |
|
|
jf rt build-collect-env
|
|
jf rt build-add-git
|
|
jf rt build-publish
|
|
|
|
#################################################
|
|
# 10) Xray build scan → populates Build → Security tab
|
|
#################################################
|
|
- name: Xray build scan
|
|
run: jf bs --vuln
|