Initial Changes #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- dev | |
pull_request: | |
branches: | |
- main | |
permissions: | |
actions: read # for detecting the Github Actions environment. | |
id-token: write # for creating OIDC tokens for signing. | |
packages: write # for uploading attestation. | |
contents: read | |
jobs: | |
build-publish-maven: | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_REPO: 'mgm-project-docker-local' | |
IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}' | |
JF_URL: https://${{ vars.JF_URL }}/ | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
JFROG_PLATFORM_REPO: 'demo-project-maven-virtual' | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
# - name: Install JFrog CLI | |
# run: curl -fL https://install-cli.jfrog.io | sh | |
- name: Setup JFrog CLI | |
id: se-clitup | |
uses: jfrog/setup-jfrog-cli@v4 | |
env: | |
JF_URL: https://psazuse.jfrog.io | |
JF_PROJECT: mgm-project | |
with: | |
oidc-provider-name: mgm-demo | |
oidc-audience: mgm-demo-aud | |
- name: Configure Maven | |
run: jf mvnc --repo-deploy-releases $JFROG_PLATFORM_REPO --repo-deploy-snapshots $JFROG_PLATFORM_REPO --repo-resolve-releases $JFROG_PLATFORM_REPO --repo-resolve-snapshots $JFROG_PLATFORM_REPO | |
- name: Build and Upload JAR to Artifactory | |
env: | |
JF_URL: https://psazuse.jfrog.io | |
run: jf mvn clean package deploy | |
# frogbot-scan: | |
# runs-on: ubuntu-latest | |
# needs: build-publish-maven | |
# steps: | |
# - name: Check out repository | |
# uses: actions/checkout@v4 | |
# - name: Execute Frogbot Scan | |
# env: | |
# JF_URL: ${{ vars.JF_URL }} | |
# JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
# JF_GIT_TOKEN: ${{ secrets.USER_TOKEN }} | |
# JF_GIT_PROVIDER: gitlab | |
# JF_GIT_OWNER: ${{ github.repository_owner }} | |
# JF_GIT_REPO: ${{ github.repository }} | |
# run: | | |
# getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo "https://releases.jfrog.io"; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi) | |
# curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh | |
# ./frogbot ${FROGBOT_CMD} | |
perform-java-build: | |
runs-on: maven:3.8.5-openjdk-18 | |
needs: build-publish-maven | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Audit with JFrog Xray | |
run: jf audit . | |
- name: Build and Upload JAR to Artifactory | |
env: | |
JF_URL: ${{ vars.JF_URL }} | |
# JF_USER: ${{ secrets.JF_USER }} | |
# JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
# JFROG_PLATFORM_REPO: ${{ secrets.JFROG_PLATFORM_REPO }} | |
run: jf mvn clean package deploy | |
- name: Collect environment variables for build | |
env: | |
CI_JOB_NAME: ${{ github.job }} | |
CI_JOB_ID: ${{ github.run_id }} | |
run: jf rt bce $CI_JOB_NAME $CI_JOB_ID | |
- name: Collect VCS details from Git | |
env: | |
CI_JOB_NAME: ${{ github.job }} | |
CI_JOB_ID: ${{ github.run_id }} | |
run: jf rt bag $CI_JOB_NAME $CI_JOB_ID | |
- name: Publish build info | |
env: | |
CI_JOB_NAME: ${{ github.job }} | |
CI_JOB_ID: ${{ github.run_id }} | |
run: jf rt bp $CI_JOB_NAME $CI_JOB_ID |