mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2026-01-12 04:51:11 +00:00
94 lines
No EOL
3.4 KiB
YAML
94 lines
No EOL
3.4 KiB
YAML
name: Build and Scan with JFrog
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main", "develop" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
|
|
jobs:
|
|
build-and-scan:
|
|
runs-on: ubuntu-latest
|
|
|
|
# Environment variables for consistent build naming across all steps
|
|
env:
|
|
JFROG_CLI_BUILD_NAME: jesseh-spring-petclinic
|
|
JFROG_CLI_BUILD_NUMBER: ${{ github.run_id }}
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: '17'
|
|
|
|
# Installs and configures the JFrog CLI with your Artifactory server details
|
|
- name: Setup JFrog CLI
|
|
uses: jfrog/setup-jfrog-cli@v4
|
|
env:
|
|
JF_URL: ${{ secrets.JF_RT_URL }}
|
|
JFROG_CLI_RELEASES_REPO: https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/
|
|
JFROG_CLI_EXTRACTORS_REMOTE: https://soleng.jfrog.io/artifactory/jesseh-maven-dev-virtual/
|
|
JF_GIT_TOKEN: ${{ secrets.GH_TOKEN }}
|
|
JF_USER: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
JF_PASSWORD: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }}
|
|
|
|
# Configures Maven to resolve all dependencies from your Artifactory instance
|
|
# Configures Maven to resolve all dependencies from your Artifactory instance
|
|
- name: Configure Maven Repositories
|
|
run: |
|
|
jf mvnc \
|
|
--repo-resolve-releases=jesseh-maven-dev-virtual \
|
|
--repo-resolve-snapshots=jesseh-maven-dev-virtual
|
|
|
|
# Automatically fixes any code formatting issues to prevent build failures
|
|
- name: Apply Java Formatting
|
|
run: mvn spring-javaformat:apply
|
|
|
|
# Wraps the Maven command to resolve dependencies and collect build-info
|
|
- name: Build Application with Maven
|
|
run: |
|
|
jf mvn clean install -DskipTests=true
|
|
|
|
# "Shift-left" scan for fast feedback on source code and dependencies
|
|
- name: Run JFrog SAST & SCA Audit
|
|
run: |
|
|
jf audit --sast --fail=true --project "jesseh"
|
|
|
|
# This is your original, working login action. It correctly handles the full URL.
|
|
- name: Login to JFrog Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ secrets.JF_RT_URL }}
|
|
username: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
password: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }}
|
|
|
|
# Defines the full image name using the registry from your secrets
|
|
- name: Login to JFrog Docker Repo
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ secrets.JF_RT_URL }}
|
|
username: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
password: ${{ secrets.ARTIFACTORY_IDENTITY_TOKEN }}
|
|
|
|
- name: Build Docker Image
|
|
run: |
|
|
docker build -t soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }} .
|
|
|
|
# Pushes the image using JFrog CLI to add the Docker layers to the build-info
|
|
- name: Push Docker Image
|
|
run: |
|
|
jf docker push soleng.jfrog.io/jesseh-docker-dev-local/spring-petclinic:${{ github.run_id }}
|
|
|
|
# Publishes all collected build information to Artifactory
|
|
- name: Publish Build Info
|
|
run: |
|
|
jf rt build-publish
|
|
|
|
# Final, comprehensive security scan on the entire build record
|
|
- name: Scan Build with Xray
|
|
run: |
|
|
jf bs --fail=false --vuln |