try build with write-all permissions #52
--- | |
# Build Application and Upload Container Image to Docker Hub | |
name: Build | |
# Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | |
on: | |
# Run workflow on push except for ignored branches and paths | |
push: | |
# Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot | |
branches-ignore: | |
# - 'dependabot/**' | |
- 'cherry-pick-*' | |
paths-ignore: | |
- '**.md' # Ignore documentation changes | |
- '.github/dependabot.yml' # Ignore dependabot changes | |
# Allow user to manually trigger Workflow execution | |
workflow_dispatch: | |
# Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
permissions: write-all | |
# contents: read | |
# Run a single job at a time: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: build-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# # Set Job-level permissions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions | |
# permissions: | |
# packages: write | |
environment: docker-hub # Use `docker-hub` repository environment | |
# Set Job-level environment variables | |
env: | |
MYSQL_DATABASE: demoapp | |
MYSQL_USER: user | |
MYSQL_PASSWORD: password | |
MYSQL_ROOT_PASSWORD: local | |
# Uncomment lines below to run `build` job on container | |
# Note: container image must contains commands required for step execution, e.g. docker, gzip, etc. | |
# container: | |
# image: mcr.microsoft.com/openjdk/jdk:17-ubuntu # Image Java version must match with `project.version` in pom.xml | |
# # Set credentials when container registry requires authentication to pull the image | |
# # credentials: | |
# # username: ${{ github.actor }} | |
# # password: ${{ secrets.github_token }} | |
services: | |
mysql: | |
image: mysql:8.0 # Use same mysql image from devcontainer.json | |
env: | |
MYSQL_DATABASE: ${{ env.MYSQL_DATABASE }} | |
MYSQL_USER: ${{ env.MYSQL_USER }} | |
MYSQL_PASSWORD: ${{ env.MYSQL_PASSWORD }} | |
MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_ROOT_PASSWORD }} | |
# Ports are required only when `container` keyword is not defined | |
ports: | |
- 3306:3306 # Opens tcp port 3306 on the host and service container | |
steps: | |
- name: Clone | |
uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout | |
# Setup Java | |
- uses: actions/setup-java@v3 # https://github.com/actions/setup-java | |
with: | |
distribution: microsoft # Microsoft was selected to match Visual Studio Code Dev Container Java distribuition, see .devcontainer/devcontainer.json. Supported distributions: https://github.com/actions/setup-java#supported-distributions | |
java-version: '17' # Java version must match `project.properties['java.version']` in pom.xml | |
# Cache Maven dependencies | |
- name: Install and Cache Maven dependencies | |
id: cache | |
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions | |
with: | |
path: ~/.m2 | |
key: maven-${{ hashFiles('**/pom.xml') }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 # https://github.com/marketplace/actions/docker-setup-qemu | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 # https://github.com/marketplace/actions/docker-setup-build | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 # https://github.com/marketplace/actions/docker-login | |
with: | |
registry: ${{ vars.DOCKER_REGISTRY_URL }} | |
username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
# Build with Maven and Upload Container Image to Docker Hub | |
- name: Build | |
env: | |
# Use localhost when `container` keyword is not defined | |
SPRING_DATASOURCE_URL: jdbc:mysql://localhost:3306/demoapp | |
# Use service name when `container` keyword is defined | |
# SPRING_DATASOURCE_URL: jdbc:mysql://mysql:3306/demoapp | |
SPRING_DATASOURCE_USERNAME: root | |
SPRING_DATASOURCE_PASSWORD: ${{ env.MYSQL_ROOT_PASSWORD }} | |
DOCKER_REGISTRY_URL: ${{ vars.DOCKER_REGISTRY_URL }} # Docker Hub repository: https://hub.docker.com/repository/docker/paulgilber/demoapp-backend | |
DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
run: | | |
mvn package dockerfile:build dockerfile:tag dockerfile:push \ | |
-DDOCKER_REGISTRY_URL=${{ env.DOCKER_REGISTRY_URL }} \ | |
-DDOCKER_REGISTRY_USERNAME=${{ env.DOCKER_REGISTRY_USERNAME }} \ | |
-DDOCKER_REGISTRY_PASSWORD=${{ env.DOCKER_REGISTRY_PASSWORD }} | |
# Uncomment lines below to build with Docker | |
# - name: Build container image | |
# uses: docker/build-push-action@v5 # https://github.com/marketplace/actions/build-and-push-docker-images | |
# with: | |
# context: . | |
# file: Containerfile | |
# push: true | |
# tags: ${{ vars.DOCKER_REGISTRY_URL }}/demoapp-backend | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max |
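Review bot: `permissions: write-all` at workflow level grants the job's GITHUB_TOKEN write access on every scope, yet nothing in this job uses that token — the registry login and the `mvn ... dockerfile:push` step authenticate with `secrets.DOCKER_REGISTRY_*`, and the commented job-level `packages: write` shows the intended grant was narrower. Because the workflow runs on `workflow_dispatch` and on every non-ignored push, any third-party action or build step in it inherits write on contents, packages, actions and the other scopes for the run. Scoping it back to `permissions:` / `  contents: read` (adding `packages: write` on the job only if a push to GHCR is ever enabled) keeps the token at least privilege; if write-all was set to get past a 403, a comment naming the scope that actually failed would let a later maintainer narrow it. Which lines this commit changed is not recoverable from the rendered view, so the above is inferred from the commit title.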