From 1b3d305a70f8431e85310f57cc5725fd0d10041f Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 09:12:13 +0100 Subject: [PATCH 01/21] Added a container workflow --- .github/workflows/build-container.yml | 30 +++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/build-container.yml diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml new file mode 100644 index 000000000..a55c2f496 --- /dev/null +++ b/.github/workflows/build-container.yml @@ -0,0 +1,30 @@ +# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Java CI with Maven Container + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image + From 7a810b45aaca70a753e57847793bcd72e69f4337 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 09:14:43 +0100 Subject: [PATCH 02/21] Added Container build step --- .github/workflows/maven-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 3ea8368a8..82cab1b31 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -30,3 +30,6 @@ jobs: - name: Run Maven tests run: mvn test + + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image From b8a57dcbd7c534cc9827a21fc25e03f2c131434f Mon Sep 17 00:00:00 2001 
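Review bot: In PATCH 01/21, `.github/workflows/build-container.yml` declares no `permissions:` key, so the job runs with whatever `GITHUB_TOKEN` scopes the repository default grants, although its steps only read the checkout; a workflow-level `permissions:` with `contents: read` keeps it least-privilege. `actions/checkout@v3` and `actions/setup-java@v2` are resolved by mutable tag, so pinning each `uses:` to a full commit SHA (tag kept in a trailing comment) stops a moved tag from changing what runs. Both points recur in the `maven-build.yml`, `ci-minimal.yml` and `ci-learning.yml` changes later in this series.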
From: Matt York Date: Sat, 14 Oct 2023 09:28:45 +0100 Subject: [PATCH 03/21] Added debug docker image list --- .github/workflows/maven-build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 82cab1b31..31bfe4346 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -33,3 +33,8 @@ jobs: - name: Build the Maven container image run: ./mvnw spring-boot:build-image + + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. + - name: List all the container images on the runner + run: docker image list \ No newline at end of file From 7937bc69872a175e70e34f54382c12e96e84bc4b Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:01:43 +0100 Subject: [PATCH 04/21] Added jfrog to the build and test --- .github/workflows/maven-build.yml | 46 ++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 31bfe4346..672fe33b8 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -25,6 +25,13 @@ jobs: java-version: ${{matrix.java}} distribution: 'adopt' cache: maven + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Build with Maven Wrapper run: ./mvnw -B package 
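Review bot: In PATCH 04/21's first hunk, `Setup JFrog CLI` hands `JF_ACCESS_TOKEN` to `jfrog/setup-jfrog-cli@v3`, a third-party action referenced by a mutable tag; pin it to a full commit SHA so the code that receives the token cannot change under the tag. The step is placed before `./mvnw -B package`, and the workflow also triggers on `pull_request`, so for same-repository pull requests the configured CLI is presumably usable by build and test code that has not been reviewed yet. Moving the setup to just before the push, or guarding it with `if: github.event_name == 'push'`, narrows that window. The job's step list starts and ends outside this hunk.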
@@ -37,4 +44,41 @@ jobs: # I add this step for debug. # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - name: List all the container images on the runner - run: docker image list \ No newline at end of file + run: docker image + + +####################################### + + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish \ No newline at end of file From e5c8bd06371f8577195373922d43fdaf5ca50a95 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:42:12 +0100 Subject: [PATCH 05/21] Removed unused workflow --- .github/workflows/maven-build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 672fe33b8..f0441d814 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -35,6 +35,9 @@ jobs: - name: Build with Maven Wrapper run: ./mvnw -B package + - name: Validate Maven dependencies + run: mvn dependency:analyze + - name: Run Maven tests run: mvn test 
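Review bot: In PATCH 04/21's second hunk, `jf docker push $IMAGE_NAME` has no `if:` condition, so `pull_request` runs also publish to `my0373.jfrog.io/my0373-docker` and overwrite the fixed `3.1.0-SNAPSHOT` tag with unmerged code; `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` on the push and build-info steps would restrict publishing to main. The debug step changes `docker image list` to `run: docker image`, which only prints the subcommand help; `run: docker image ls` restores the listing. The second `Setup JFrog CLI` repeats the step added by the first hunk, and the extra `actions/checkout@v2` presumably duplicates a checkout outside the hunk. The two env comments look swapped: `${{ github.run_number }}` is the value generated by GitHub, while `JFROG_CLI_BUILD_NAME` is a literal.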
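Review bot: In PATCH 05/21's first hunk, `Validate Maven dependencies` reports findings but, with the plugin defaults as far as I know, does not fail the job, so the step validates nothing; `run: ./mvnw -B dependency:analyze -DfailOnWarning=true` makes unused or undeclared dependencies break the build. Using `./mvnw` here and in `Run Maven tests` also keeps every Maven invocation on the wrapper-pinned version rather than whatever `mvn` the runner image ships.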
@@ -67,6 +70,10 @@ jobs: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan - name: Publish Build info With JFrog CLI env: From 79ca1159d1b5efcc06c7b103f0a3563310b5c8bf Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:49:54 +0100 Subject: [PATCH 06/21] trying source patterns. CLeaned up unused workflow --- .github/workflows/build-container.yml | 30 --------------------------- .github/workflows/maven-build.yml | 2 +- triggerci.txt | 1 - 3 files changed, 1 insertion(+), 32 deletions(-) delete mode 100644 .github/workflows/build-container.yml delete mode 100644 triggerci.txt diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml deleted file mode 100644 index a55c2f496..000000000 --- a/.github/workflows/build-container.yml +++ /dev/null @@ -1,30 +0,0 @@ -# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Java CI with Maven Container - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - matrix: - java: [ '17' ] - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK ${{matrix.java}} - uses: actions/setup-java@v2 - with: - java-version: ${{matrix.java}} - distribution: 'adopt' - cache: maven - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image - diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index f0441d814..719344e2b 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -73,7 +73,7 @@ jobs: - name: Scan for vulnerabilities run: - jf scan + jf scan * - name: Publish Build info With JFrog CLI env: 
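Review bot: In PATCH 05/21's second hunk, `Scan for vulnerabilities` runs after `jf docker push $IMAGE_NAME`, so the image is already published by the time any finding could stop the job. `jf scan` is given no target here, and the `jf scan *` that PATCH 06/21 switches to scans files in the workspace rather than the built image. Placing the step before the push and pointing it at the image, e.g. `run: jf docker scan $IMAGE_NAME` with `IMAGE_NAME` in the step's `env:`, lets the scan act as a gate.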
diff --git a/triggerci.txt b/triggerci.txt
deleted file mode 100644
index d00491fd7..000000000
--- a/triggerci.txt
+++ /dev/null
@@ -1 +0,0 @@
-1
From 6cba61ff99f9ee8deaf60033bf7844835a32068c Mon Sep 17 00:00:00 2001
From: Matt York
Date: Sun, 15 Oct 2023 11:49:14 +0100
Subject: [PATCH 07/21] Created a minimal workflow
---
.github/workflows/ci-minimal.yml | 91 ++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 .github/workflows/ci-minimal.yml
diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml
new file mode 100644
index 000000000..a2ed11a2f
--- /dev/null
+++ b/.github/workflows/ci-minimal.yml
@@ -0,0 +1,91 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Minimal build requirements for the petclinic application.
+
+# The workflow will execute on Push / PR as well as manually running.
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ workflow_dispatch:
+
+# The actual workflow jobs. I've split some of these up to
+# allow more flexibility in future.
+jobs:
+
+ # The source build job is designed to ensure that the source...
+ # * builds
+ # *
+ source-build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ # Checkout the current repository
+ - uses: actions/checkout@v3
+
+ # Set up Java 17 on the runner
+ - name: Set up JDK ${{matrix.java}}
+ uses: actions/setup-java@v2
+ with:
+ java-version: ${{matrix.java}}
+ distribution: 'adopt'
+ cache: maven
+
+ # Configure the JFrog CLI with the secrets we've saved.
+ - name: Setup JFrog CLI
+ uses: jfrog/setup-jfrog-cli@v3
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # Use the Maven wrapper to build the code.
+ - name: Build the Petclinic Package
+ run: ./mvnw -B package
+
+ # Run the maven dependency analyzer
+ - name: Validate Maven dependencies
+ run: mvn dependency:analyze
+
+ # Run the maven tests
+ - name: Run Maven tests
+ run: mvn test
+
+ # Build the container image
+ - name: Build the Maven container image
+ run: ./mvnw spring-boot:build-image
+
+ # In order to upload the image to Artifactory, we'll retag the image.
+ - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + # We push the image into artifactory + - name: Push Docker Image to Artifactory + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + # - name: Scan for vulnerabilities + # run: + # jf scan * + + # - name: Publish Build info With JFrog CLI + # env: + # # Generated and maintained by GitHub + # JFROG_CLI_BUILD_NAME: spring-petclinic + # # JFrog organization secret + # JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + # run: | + # # Export the build name and build nuber + # # Collect environment variables for the build + # jf rt build-collect-env + # # Collect VCS details from git and add them to the build + # jf rt build-add-git + # # Publish build info + # jf rt build-publish \ No newline at end of file From ccc963f78d89edcc5fe9e43b8a9cc0f551b9c3c8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 11:59:47 +0100 Subject: [PATCH 08/21] Added a more feature rich workflow --- .../{maven-build.yml => ci-learning.yml} | 78 +++++++++++++++++-- 1 file changed, 72 insertions(+), 6 deletions(-) rename .github/workflows/{maven-build.yml => ci-learning.yml} (54%) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/ci-learning.yml similarity index 54% rename from .github/workflows/maven-build.yml rename to .github/workflows/ci-learning.yml index 719344e2b..f63d763f8 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/ci-learning.yml @@ -10,7 +10,11 @@ on: branches: [ main ] jobs: - build: + + # The source build job is designed to ensure that the source... + # * builds + # * + source-build: runs-on: ubuntu-latest strategy: 
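Review bot: The comment block above `source-build` in PATCH 07/21's `ci-minimal.yml` ends in an empty bullet (`# *`), and the comment before `jobs:` says the jobs were split up although the file defines a single job. I would replace the block with `# source-build: builds and tests the source with Maven, builds the container image and pushes it to Artifactory.` and reword the `jobs:` comment to match. As in `maven-build.yml`, `jf docker push` here runs on `pull_request` events as well as pushes, and every `uses:` reference is pinned by tag rather than commit SHA.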
@@ -48,10 +52,6 @@ jobs: # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - name: List all the container images on the runner run: docker image - - -####################################### - - name: Checkout code uses: actions/checkout@v2 
@@ -88,4 +88,70 @@ jobs: # Collect VCS details from git and add them to the build jf rt build-add-git # Publish build info - jf rt build-publish \ No newline at end of file + jf rt build-publish + + + + +############################## + + container-build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven + + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image + + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. + - name: List all the container images on the runner + run: docker image + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish From 8c4714770384c35a3713d342b1b9b5f2f0ff5387 Mon Sep 17 00:00:00 2001 
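Review bot: The `container-build` job added by PATCH 08/21's last hunk repeats the image build, retag and `jf docker push` that `source-build` still performs in this revision, and there is no `needs:` between the two jobs, so they run in parallel and whichever finishes last owns `my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT`. Both jobs also publish build info under the same `JFROG_CLI_BUILD_NAME` and `${{ github.run_number }}`. Either drop the image steps from `source-build` or add `needs: source-build` to `container-build`, so that exactly one job publishes.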
From: Matt York Date: Sun, 15 Oct 2023 12:01:33 +0100 Subject: [PATCH 09/21] fixed typo --- .github/workflows/ci-learning.yml | 102 +++++++++++++++--------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index f63d763f8..25722c3d0 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml 
@@ -95,63 +95,63 @@ jobs: ############################## - container-build: + container-build: - runs-on: ubuntu-latest - strategy: - matrix: - java: [ '17' ] + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] - steps: - - uses: actions/checkout@v3 - - name: Set up JDK ${{matrix.java}} - uses: actions/setup-java@v2 - with: - java-version: ${{matrix.java}} - distribution: 'adopt' - cache: maven + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. 
+ - name: List all the container images on the runner + run: docker image - - name: Checkout code - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt 
build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish From bd77e6ad733aaf41c6e64d15feb128fa81a51cc8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:29:16 +0100 Subject: [PATCH 10/21] testing out some new ideas for the workflow --- .github/workflows/ci-learning.yml | 67 ++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 25722c3d0..61ebb64e8 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -1,7 +1,7 @@ # This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven -name: Java CI with Maven +name: Java CI with Maven (more complex) on: push: 
@@ -155,3 +155,68 @@ jobs: jf rt build-add-git # Publish build info jf rt build-publish + - name: Export the built image to a tar file + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: docker save $IMAGE_NAME > /tmp/petclinic.tar + + - name: Upload Image as an artifact + uses: actions/upload-artifact@v2 + with: + name: app + path: /tmp/petclinic.tar + + + publish-build: + needs: [source-build, container-build] + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - name: Download artifacts (Docker images) from previous workflows + uses: actions/download-artifact@v2 + + - name: Load Docker images from previous workflows + run: | + docker load --input /tmp/petclinic.tar + + - name: List all the container images on the runner + run: docker image ls + + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish \ No newline at end of file From 2c065555704abc5f64550f04265211a9bc743803 Mon Sep 17 00:00:00 2001 
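Review bot: In PATCH 10/21, `publish-build` runs `docker load --input /tmp/petclinic.tar`, but `actions/download-artifact@v2` is given no `name:` or `path:`, so nothing is written to `/tmp` on the fresh runner; give the download step `name: app` and an explicit `path:` and load the tar from that directory. `docker save $IMAGE_NAME` stores only the registry-qualified reference, so the later `docker tag spring-petclinic:3.1.0-SNAPSHOT …` in `publish-build` will presumably fail after the load and can be dropped. `jf scan *` runs in a job with no checkout and after the push, so it neither sees the source nor gates the publish.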
From: Matt York Date: Sun, 15 Oct 2023 12:37:34 +0100 Subject: [PATCH 11/21] optimised workflow --- .github/workflows/ci-learning.yml | 84 +------------------------------ 1 file changed, 1 insertion(+), 83 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 61ebb64e8..a118c55fd 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -45,51 +45,7 @@ jobs: - name: Run Maven tests run: mvn test - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image - - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME - - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish - + 
@@ -114,47 +70,9 @@ jobs: - name: Build the Maven container image run: ./mvnw spring-boot:build-image - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME - - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish - name: Export the built image to a tar file env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT From 9b9b8f8ee7f5bec1aa8a291f99ed0bebd5426932 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:44:47 +0100 Subject: [PATCH 12/21] Fixed typo on publish build --- .github/workflows/ci-learning.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index a118c55fd..8d9e88531 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml 
@@ -45,11 +45,6 @@ jobs: - name: Run Maven tests run: mvn test - - - - -############################## container-build: @@ -96,6 +91,10 @@ jobs: steps: - name: Download artifacts (Docker images) from previous workflows uses: actions/download-artifact@v2 + with: + name: app + path: /tmp/petclinic.tar + - name: Load Docker images from previous workflows run: | From fd063f4818f8cb02f2194a7ea960ea2f0b2afede Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:50:14 +0100 Subject: [PATCH 13/21] typo --- .github/workflows/ci-learning.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 8d9e88531..f272f5fc6 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -93,12 +93,12 @@ jobs: uses: actions/download-artifact@v2 with: name: app - path: /tmp/petclinic.tar - + path: /tmp/petclinic/ + - name: Load Docker images from previous workflows run: | - docker load --input /tmp/petclinic.tar + docker load --input /tmp/petclinic/petclinic.tar - name: List all the container images on the runner run: docker image ls From 7b928ec15e2cd72e52d2d38f0f368703fa3925f7 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:58:08 +0100 Subject: [PATCH 14/21] added container image scan --- .github/workflows/ci-learning.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index f272f5fc6..4d9022e0e 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml 
@@ -110,18 +110,15 @@ jobs: JF_URL: ${{ secrets.JF_URL }} JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - name: Scan for vulnerabilities + - name: Scan Image for vulnerabilities run: - jf scan * + jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - name: Publish Build info With JFrog CLI env: From 89f42236c25571709e0a3b2b73ae10aee4c07336 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 13:04:44 +0100 Subject: [PATCH 15/21] Simplified the artifactory metadata --- .github/workflows/ci-learning.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 4d9022e0e..182be750e 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -129,8 +129,8 @@ jobs: run: | # Export the build name and build nuber # Collect environment variables for the build - jf rt build-collect-env + # jf rt build-collect-env # Collect VCS details from git and add them to the build - jf rt build-add-git + # jf rt build-add-git # Publish build info - jf rt build-publish \ No newline at end of file + # jf rt build-publish \ No newline at end of file From 19d0e71ea8b28c6a7d95cf3cd6378a0cbddb8abe Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 13:12:29 +0100 Subject: [PATCH 16/21] changed order of the image scan --- .github/workflows/ci-learning.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 182be750e..19fabaf76 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml 
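Review bot: PATCH 15/21 comments out all three `jf rt` commands, leaving `Publish Build info With JFrog CLI` as a step whose `run: |` block holds only comments; it succeeds without publishing anything while its name and the `JFROG_CLI_BUILD_*` variables suggest otherwise. Without build info, the pushed image is no longer tied to a commit and run number in Artifactory, which makes tracing a published image back to its source harder. Either delete the step together with its `env:` or restore `jf rt build-publish`; if it stays disabled, a comment such as `# build-info publishing disabled: <reason>` should say why.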
@@ -110,16 +110,18 @@ jobs: JF_URL: ${{ secrets.JF_URL }} JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Scan Image for vulnerabilities + run: + jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - name: Scan Image for vulnerabilities - run: - jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - + - name: Publish Build info With JFrog CLI env: # Generated and maintained by GitHub From 5eab3a368a7a9608058697bc7a0dc065ba75adf0 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:31:11 +0100 Subject: [PATCH 17/21] Added a simple.md to the documentation. --- Docs/simple.md | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 Docs/simple.md diff --git a/Docs/simple.md b/Docs/simple.md new file mode 100644 index 000000000..e8a2b68e1 --- /dev/null +++ b/Docs/simple.md 
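Review bot: Moving `Scan Image for vulnerabilities` ahead of the push in PATCH 16/21 only gates the publish if the scan step can fail. As far as I know, `jf docker scan` returns a failing exit code only when an Xray policy with a fail-build rule is in scope (selected through options such as `--watches`), so with the bare command shown the push probably still proceeds when vulnerabilities are found; this is worth confirming and the watch or policy context added. The image reference is also repeated as a literal in the scan step; a job-level `env:` with `IMAGE_NAME` and `jf docker scan $IMAGE_NAME` keeps scan and push pointed at the same image.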
@@ -0,0 +1,65 @@
+# The "Simple" GitHub Actions pipeline
+
+This repository makes use of a GitHub actions pipeline. We'll be using a workflow to achieve this.
+
+## The steps
+In order to successfully build, our workflow must
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+1. Package the code into a docker container
+1. tag the container with the required name
+1. Push the container into the Artifactory Repository
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+ + + + +# Security scan +As part of the build, I've executed an xray scan of the repository and attached the scans in the + +### Code Compilation +The first step of the build process is to build + +GitHub link to the repo including + +Github Actions workflow files within that repo +Docker file within that repo +readme.md file explaining the work and how to run the project +Bonus Deliverable: XRay Scan Data export (JSON format) for your image From 765d361d077f89d6ba738d0853f2d525ee6f35c8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:32:47 +0100 Subject: [PATCH 18/21] Removed manual workflow trigger --- .github/workflows/ci-minimal.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index a2ed11a2f..1837e3f1d 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -9,7 +9,6 @@ on: branches: [ main ] pull_request: branches: [ main ] - workflow_dispatch: # The actual workflow jobs. I've split some of these up to # allow more flexibility in future. From 7a30650cdb0d76922165f453fd43c6faacd8c782 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:35:49 +0100 Subject: [PATCH 19/21] added ignore branches --- .github/workflows/ci-minimal.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index 1837e3f1d..3f3b675c1 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,9 +6,17 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - branches: [ main ] + branches: + - main + branches-ignore: + - test + pull_request: - branches: [ main ] + branches: + - main + branches-ignore: + - test + # The actual workflow jobs. I've split some of these up to # allow more flexibility in future. 
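Review bot: PATCH 19/21 sets both `branches:` and `branches-ignore:` under `push` and again under `pull_request`; GitHub Actions does not accept both filters for the same event, so the workflow will be rejected instead of running. Listing only `main` under `branches:` already excludes `test`, so the `branches-ignore:` blocks can simply be removed. If an explicit exclusion is wanted, use a single `branches:` list with a negative pattern, `- main` followed by `- '!test'`.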
From 1dd3d05391bb47b617f8ecc0b5f8fb87c5fbcd47 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:37:34 +0100 Subject: [PATCH 20/21] added ignore branches --- .github/workflows/ci-minimal.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index 3f3b675c1..f5f5c99cb 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,14 +6,14 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - branches: - - main + # branches: + # - main branches-ignore: - test pull_request: - branches: - - main + # branches: + # - main branches-ignore: - test From cff61ad77535176f48b85f997ade4fb7f61eff13 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:39:35 +0100 Subject: [PATCH 21/21] fixed workflow runner event --- .github/workflows/ci-minimal.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index f5f5c99cb..bbd942e2e 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,17 +6,13 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - # branches: - # - main - branches-ignore: - - test - + branches: + - 'main' + pull_request: - # branches: - # - main - branches-ignore: - - test - + branches: + - 'main' + # The actual workflow jobs. I've split some of these up to # allow more flexibility in future.
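Review bot: With `branches:` commented out in PATCH 20/21, `branches-ignore:` with `- test` makes the workflow run for pushes and pull requests on every branch except `test`. The `source-build` job in this file ends in `jf docker push` using `JF_ACCESS_TOKEN`, so a push to any other branch now publishes over the `3.1.0-SNAPSHOT` tag. If the aim is only to skip `test`, keep `branches:` limited to `main` and drop `branches-ignore:`.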
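Review bot: The context comment `# The workflow will execute on Push / PR as well as manually running.` in PATCH 21/21 is stale: `workflow_dispatch:` was removed in PATCH 18/21, so the file no longer has a manual trigger. Suggested wording: `# Runs on pushes to main and on pull requests targeting main.`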