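# Workflow: build the Maven project, upload the jar to Artifactory, publish
# build-info for Xray, then run Frogbot. Authentication to JFrog uses GitHub
# OIDC (no long-lived JFrog credential is referenced in this file).
#
# NOTE(review): every "uses:" below references a mutable tag (@v4, @v2).
# Pinning each action to a full commit SHA keeps a moved tag from changing
# the code that runs with "id-token: write" and access to the job's secrets.
name: build-publish-scan

on:
  push:
    branches:
      - feature/test-change
  workflow_dispatch: {}

# These scopes apply to GITHUB_TOKEN for every job in the workflow.
permissions:
  contents: read
  # Presumably needed by the Frogbot step, which receives GITHUB_TOKEN as
  # JF_GIT_TOKEN - confirm it is required for the events this workflow uses.
  pull-requests: write
  id-token: write  # Required for OIDC authentication

jobs:
  build-and-scan:
    name: Build, Publish, and Scan
    runs-on: ubuntu-latest

    # Setting environment variables at the job level for consistency.
    # Every step (including third-party actions) sees these values.
    env:
      JF_URL: ${{ secrets.JF_URL }}
      JF_REPO: ${{ secrets.JF_REPO }}
      BUILD_NAME: "maven-build-scan"
      BUILD_NUMBER: ${{ github.run_number }}

    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      # 1. Setup JFrog CLI using OIDC
      - name: Set up JFrog CLI
        uses: jfrog/setup-jfrog-cli@v4
        with:
          oidc-provider-name: github-oidc
          oidc-audience: jfrog-github

      # Tests are skipped here (-DskipTests); this step only packages the jar.
      - name: Build with Maven
        run: ./mvnw -B -DskipTests package

      # 2. Upload Artifacts (Fixes the 405 error by using clean paths)
      - name: Publish artifact to Artifactory
        run: |
          # We use jf rt upload.
          # The target path should be: REPO_NAME/FOLDER_NAME/
          # If JF_REPO is "maven-dev-local", this uploads to maven-dev-local/builds/3/
          #
          # Values are read from the job-level environment as quoted shell
          # variables instead of being pasted into the script text with
          # ${{ ... }}: an expanded expression becomes part of the script
          # before the shell parses it, so its content could alter the command.
          jf rt upload "target/*.jar" "${JF_REPO}/builds/${BUILD_NUMBER}/" \
            --build-name="${BUILD_NAME}" \
            --build-number="${BUILD_NUMBER}" \
            --flat=false

      # 3. Publish Build Info (Tells Xray exactly what to scan)
      # NOTE(review): build-collect-env records the job's environment in the
      # published build-info. Confirm the CLI's exclusion rules cover every
      # variable sourced from secrets (JF_REPO is one such variable here).
      - name: Publish Build Info
        run: |
          jf rt build-collect-env "${BUILD_NAME}" "${BUILD_NUMBER}"
          jf rt bp "${BUILD_NAME}" "${BUILD_NUMBER}"

      # 4. Trigger Frogbot Scan
      # This will scan the PR/Branch and post security findings
      # NOTE(review): the workflow has no pull_request trigger (only push and
      # workflow_dispatch) - confirm which Frogbot mode runs for these events
      # and that the permissions block above matches what that mode needs.
      - name: Run Frogbot Scan
        uses: jfrog/frogbot@v2
        env:
          JF_URL: ${{ env.JF_URL }}
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          oidc-provider-name: github-oidc
          oidc-audience: jfrog-github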