
Update build-maven.yml #27


Workflow file for this run

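# Workflow header: triggers and the GITHUB_TOKEN / OIDC permissions that
# every job in this workflow receives.
name: CI
on:
  push:
    branches:
      - main
      - dev
  # NOTE(review): the job below deploys to Artifactory and pushes a Docker
  # image, and it runs for pull_request events as well. Consider limiting
  # the publish steps to push events so unreviewed changes are not published.
  pull_request:
    branches:
      - main
# Declared at workflow level, so these apply to all jobs. Moving them onto
# the one job that needs them keeps later-added jobs at least privilege.
permissions:
  actions: read  # for detecting the GitHub Actions environment.
  id-token: write  # for creating OIDC tokens (used for the JFrog OIDC login).
  # NOTE(review): no step visible in this workflow uploads an attestation or
  # writes to GitHub Packages; confirm this scope is needed, else drop it.
  packages: write  # for uploading attestation.
  contents: read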
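jobs:
  # Builds the Maven project, deploys it to Artifactory, scans it with Xray,
  # then builds, pushes and scans a Docker image and publishes build-info.
  build-publish-maven:
    runs-on: ubuntu-latest
    # Job-level env is visible to every step, so values are declared once here.
    env:
      DOCKER_REPO: 'mgm-project-docker-local'
      IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
      # vars.JF_URL is used as a bare registry host further down, so the
      # scheme and trailing slash are added here for the JFrog CLI.
      JF_URL: https://${{ vars.JF_URL }}/
      DOCKER_CLI_EXPERIMENTAL: enabled
      JFROG_PLATFORM_REPO: 'mgm-project-maven-virtual'
      JF_PROJECT: mgm-project
      # Build name/number passed to the bce/bag/bp steps. These used to be set
      # on three steps only, so the final `jf rt bp` expanded them to nothing.
      CI_JOB_NAME: ${{ github.job }}
      CI_JOB_ID: ${{ github.run_id }}
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each to a full commit SHA protects against a retagged
      # release: uses: OWNER/ACTION@<full-commit-sha>  # vX.Y.Z
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # Later steps run project build code; do not leave the token in
          # .git/config for it to read. No later step pushes with git.
          persist-credentials: false
      - name: Setup JFrog CLI
        id: setup-cli
        uses: jfrog/setup-jfrog-cli@v4
        with:
          # OIDC exchange instead of a stored access token; relies on the
          # workflow's id-token: write permission.
          oidc-provider-name: mgm-demo
          oidc-audience: mgm-demo-aud
      - name: Configure Maven
        run: >-
          jf mvnc
          --repo-deploy-releases "$JFROG_PLATFORM_REPO"
          --repo-deploy-snapshots "$JFROG_PLATFORM_REPO"
          --repo-resolve-releases "$JFROG_PLATFORM_REPO"
          --repo-resolve-snapshots "$JFROG_PLATFORM_REPO"
      # NOTE(review): the artifact is deployed before either Xray step runs,
      # so a failed audit cannot stop publication. Move the audit ahead of
      # this step if it is meant to act as a gate.
      - name: Build and Upload JAR to Artifactory
        run: jf mvn package deploy
      - name: Audit with JFrog Xray
        run: jf audit .
      # Renamed: two steps shared the name "Audit with JFrog Xray", which made
      # them indistinguishable in the run log.
      - name: Scan files with JFrog Xray
        run: jf scan **/*
      - name: Collect environment variables for build
        run: jf rt bce "$CI_JOB_NAME" "$CI_JOB_ID"
      - name: Collect VCS details from Git
        run: jf rt bag "$CI_JOB_NAME" "$CI_JOB_ID"
      - name: Publish build info
        run: jf rt bp "$CI_JOB_NAME" "$CI_JOB_ID"
      - name: Authenticate Docker
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.JF_URL }}
          # Short-lived credentials produced by the setup-cli OIDC exchange.
          username: ${{ steps.setup-cli.outputs.oidc-user }}
          password: ${{ steps.setup-cli.outputs.oidc-token }}
      - name: docker build through
        run: |
          jf docker --version
          jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --metadata-file metadata.json --push .
      - name: docker scan
        run: |
          jf docker pull ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
          jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
      - name: Gather Docker image metadata
        run: |
          # Overwrites the metadata.json written by the build step above.
          docker inspect ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} > metadata.json
          echo "----------------"
          cat metadata.json
          echo "----------------"
          # NOTE(review): digest is computed but never used. Confirm that
          # build-docker-create accepts raw `docker inspect` JSON as its
          # --image-file; if it expects an image@digest line, write that
          # line from $digest and pass it instead.
          digest=$(jq -r '.[0].RepoDigests[0]' metadata.json | awk -F '@' '{print $2}')
          jf rt build-docker-create ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --image-file metadata.json
          # JFROG_CLI_BUILD_NAME / JFROG_CLI_BUILD_NUMBER are not set in this
          # file; presumably exported by the setup-jfrog-cli step. TODO confirm.
          jf rt build-collect-env "$JFROG_CLI_BUILD_NAME" "$JFROG_CLI_BUILD_NUMBER"
          jf rt build-publish "$JFROG_CLI_BUILD_NAME" "$JFROG_CLI_BUILD_NUMBER"
      - name: Scan Docker image with JFrog Xray
        run: jfrog xr scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --project=mgm-project
      - name: publish build info
        run: |
          jf rt build-collect-env
          jf rt build-add-dependencies .
          jf rt build-add-git
          jf rt build-publish
          # Publishes the job-name/run-id build a second time; the variables
          # now resolve through the job-level env.
          jf rt bp "$CI_JOB_NAME" "$CI_JOB_ID"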