Fix/pipeline #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Demo-Deploy' | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| branches: [ main ] | |
| jobs: | |
| update-version: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| okr-docker-image: ${{ vars.NEW_VALUE_URL }}:${{ steps.store-version.outputs.version}}-DEMO | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.VERSION_TOKEN}} | |
| - name: Generate and Set New Version | |
| run: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} -DgenerateBackupPoms=false | |
| - name: Extract Maven project version | |
| run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT | |
| id: store-version | |
| - name: Set New Snapshot Version | |
| run: mvn build-helper:parse-version versions:set -DnewVersion=${{ steps.store-version.outputs.version}}-SNAPSHOT -DgenerateBackupPoms=false | |
| - name: Commit and Push Changes | |
| shell: bash | |
| env: | |
| COMMITPREFIX: '[VU]' | |
| run: | | |
| git config --global user.email "actions@github.com" | |
| git config --global user.name "GitHub Actions" | |
| git add . || { | |
| echo "No files were changed, so we did not commit anything" | |
| exit 1 | |
| } | |
| git commit -m "$COMMITPREFIX Automated version update" || { | |
| echo "No changes to commit, skipping push" | |
| exit 0 | |
| } | |
| git push -f origin main | |
| build-docker-image: | |
| needs: update-version | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| - name: Set up node 18 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.17.1 | |
| - name: Install Dependencies | |
| run: cd ./frontend && npm ci | |
| - name: Build frontend with Angular | |
| run: cd ./frontend && npm run build | |
| - name: Build backend with Maven | |
| run: mvn -B clean package --file pom.xml -P build-for-docker | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build the docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| tags: ${{ needs.update-version.outputs.okr-docker-image}} | |
| load: true | |
| push: false | |
| outputs: type=docker,dest=/tmp/okr-docker-image.tar | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: okr-image | |
| path: /tmp/okr-docker-image.tar | |
| - name: print imagetags | |
| run: echo ${{ needs.update-version.outputs.okr-docker-image}} | |
| e2e-docker: | |
| runs-on: ubuntu-22.04 | |
| needs: [build-docker-image,update-version] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: okr-image | |
| path: /tmp | |
| - name: Load image | |
| run: docker load --input /tmp/okr-docker-image.tar | |
| - name: show images | |
| run: docker image ls -a | |
| - name: Run docker image | |
| run: | | |
| docker run --network=host \ | |
| -p 8080:8080 \ | |
| -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER-URI=http://localhost:8544/realms/pitc \ | |
| -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK-SET-URI=http://localhost:8544/realms/pitc/protocol/openid-connect/certs \ | |
| -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT-ID=pitc_okr_staging \ | |
| -e SPRING_PROFILES_ACTIVE-ID=integration-test \ | |
| -e SPRING_DATASOURCE_URL="jdbc:h2:mem:db;DB_CLOSE_DELAY=-1" \ | |
| -e SPRING_DATASOURCE_USERNAME=user \ | |
| -e SPRING_DATASOURCE_PASSWORD=sa \ | |
| -e SPRING_FLYWAY_LOCATIONS="classpath:db/h2-db/database-h2-schema,classpath:db/h2-db/data-test-h2" \ | |
| ${{ needs.update-version.outputs.okr-docker-image}} & | |
| - name: run keycloak docker | |
| run: | | |
| docker run \ | |
| -e KEYCLOAK_ADMIN=admin \ | |
| -e KEYCLOAK_ADMIN_PASSWORD=keycloak \ | |
| -v ./docker/config/realm-export.json:/opt/keycloak/data/import/realm.json \ | |
| -p 8544:8080 \ | |
| quay.io/keycloak/keycloak:23.0.1 \ | |
| start-dev --import-realm & | |
| - uses: abhi1693/setup-browser@v0.3.5 | |
| with: | |
| browser: chrome | |
| version: latest | |
| - name: Cypress run e2e tests | |
| uses: cypress-io/github-action@v6 | |
| with: | |
| build: npm i -D cypress | |
| install: false | |
| wait-on: 'http://localhost:8080/config, http://localhost:8544' | |
| wait-on-timeout: 120 | |
| browser: chrome | |
| headed: true | |
| working-directory: frontend | |
| config: baseUrl=http://localhost:8080 | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: cypress-screenshots | |
| path: frontend/cypress/screenshots | |
| upload-to-quay: | |
| runs-on: ubuntu-latest | |
| needs: [e2e-docker, update-version] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: okr-image | |
| path: /tmp | |
| - name: Load image | |
| run: docker load --input /tmp/okr-docker-image.tar | |
| - name: show images | |
| run: docker image ls -a | |
| - name: Log in to Quay registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.QUAY_REGISTRY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_TOKEN }} | |
| - name: Push | |
| run: docker push ${{ needs.update-version.outputs.okr-docker-image}} | |
| - name: Install yq | |
| shell: bash | |
| env: | |
| VERSION: v4.25.2 | |
| BINARY: yq_linux_amd64 | |
| run: | | |
| wget -q https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ | |
| tar xz && mv ${BINARY} /usr/local/bin/yq | |
| - name: Update YAML file | |
| shell: bash | |
| env: | |
| COMMITPREFIX: '[CTS]' | |
| run: | | |
| curl -s --header "PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}?ref=${{vars.TARGET_GITLAB_REFERENCE}}" -H "Accept: application/json" -H "Content-Type: application/json" | jq -r '.content' | base64 --decode > response.yaml | |
| yq -i "${{vars.YAML_PATH}} = \"${{needs.update-version.outputs.okr-docker-image}}\"" response.yaml | |
| UPDATED_CONTENT=$(cat response.yaml) | |
| curl --request PUT --header 'PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}' -F "branch=${{vars.TARGET_GITLAB_REFERENCE}}" -F "author_email=actions@gitlab.com" -F "author_name=GitLab Actions" -F "content=${UPDATED_CONTENT}" -F "commit_message=$COMMITPREFIX Automated changes to ${{vars.FILEPATH_COMMIT}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}" | |
| generate-and-push-sbom: | |
| runs-on: ubuntu-latest | |
| needs: [upload-to-quay] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install cdxgen | |
| working-directory: frontend | |
| run: npm install -g @cyclonedx/cdxgen@8.6.0 | |
| - name: 'Generate SBOM for maven dependencies' | |
| working-directory: backend | |
| run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom | |
| - name: 'Generate SBOM for npm dependencies' | |
| working-directory: frontend | |
| run: cdxgen -o ../sbom-npm.xml -t npm . | |
| - name: 'Merge frontend and backend SBOMs' | |
| run: | | |
| docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml | |
| - name: 'Push merged SBOM to dependency track' | |
| env: | |
| PROJECT_NAME: okr-demo | |
| run: | | |
| curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \ | |
| --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \ | |
| --header "Content-Type: multipart/form-data" \ | |
| --form "autoCreate=true" \ | |
| --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \ | |
| --form "projectVersion=latest" \ | |
| --form "bom=@sbom.xml" | |
| clean-up: | |
| needs: [generate-and-push-sbom] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: remove dockers | |
| run: docker ps -aq | xargs -r docker rm -f |