Skip to content

Update build-maven.yml #30

Update build-maven.yml

Update build-maven.yml #30

Workflow file for this run

name: CI
on:
push:
branches:
- main
- dev
pull_request:
branches:
- main
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestation.
contents: read
jobs:
build-publish-maven:
runs-on: ubuntu-latest
env:
DOCKER_REPO: 'mgm-project-docker-local'
IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
JF_URL: https://${{ vars.JF_URL }}/
DOCKER_CLI_EXPERIMENTAL: enabled
JFROG_PLATFORM_REPO: 'mgm-project-maven-virtual'
JF_PROJECT: mgm-project
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup JFrog CLI
id: setup-cli
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: https://${{ vars.JF_URL }}/
JF_PROJECT: mgm-project
with:
oidc-provider-name: mgm-demo
oidc-audience: mgm-demo-aud
- name: Configure Maven
run: jf mvnc --repo-deploy-releases $JFROG_PLATFORM_REPO --repo-deploy-snapshots $JFROG_PLATFORM_REPO --repo-resolve-releases $JFROG_PLATFORM_REPO --repo-resolve-snapshots $JFROG_PLATFORM_REPO
- name: Build and Upload JAR to Artifactory
env:
JF_URL: https://${{ vars.JF_URL }}/
JF_PROJECT: mgm-project
run: jf mvn package deploy
- name: Audit with JFrog Xray
run: jf audit .
- name: Audit with JFrog Xray
run: jf scan **/*
- name: Collect environment variables for build
env:
CI_JOB_NAME: ${{ github.job }}
CI_JOB_ID: ${{ github.run_id }}
run: jf rt bce $CI_JOB_NAME $CI_JOB_ID
- name: Collect VCS details from Git
env:
CI_JOB_NAME: ${{ github.job }}
CI_JOB_ID: ${{ github.run_id }}
run: jf rt bag $CI_JOB_NAME $CI_JOB_ID
- name: Publish build info
env:
CI_JOB_NAME: ${{ github.job }}
CI_JOB_ID: ${{ github.run_id }}
run: jf rt bp $CI_JOB_NAME $CI_JOB_ID
- name: Authenticate Docker
uses: docker/login-action@v3
with:
registry: ${{ vars.JF_URL }}
username: ${{ steps.setup-cli.outputs.oidc-user }}
password: ${{ steps.setup-cli.outputs.oidc-token }}
- name: docker build through
run: |
jf docker --version
jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --metadata-file metadata.json --push .
- name: docker scan
run: |
jf docker pull ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
- name: Gather Docker image metadata
run: |
docker inspect ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} > metadata.json
echo "----------------"
cat metadata.json
echo "----------------"
digest=$(jq -r '.[0].RepoDigests[0]' metadata.json | awk -F '@' '{print $2}')
echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@$digest" > metadata.json
jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json
- name: publish build info
run: |
jf rt build-collect-env
jf rt build-add-dependencies .
jf rt build-add-git
jf rt build-publish
jf rt bp $CI_JOB_NAME $CI_JOB_ID
- name: build scan
run: |
jf build-scan $CI_JOB_NAME $CI_JOB_ID