Patrick.Sy/spring-petclinic
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-22 07:45:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

replace Docker builds with jf build step, and upload sarif file to Github sec

Browse source
This commit is contained in:
Dan Alima 2023-12-30 23:36:55 +02:00
parent 1d8094f0c9
commit a40c036578
1 changed files with 31 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
.github/workflows/maven-build.yml vendored
View file

@ -26,24 +26,49 @@ jobs:
distribution: 'corretto' distribution: 'corretto'
cache: maven cache: maven
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v3
env:
JF_URL: ${{ secrets.JF_URL }}
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
- name: Compile the code - name: Compile the code
run: ./mvnw -B package -D skipTests run: ./mvnw -B package -D skipTests
- name: Run the tests - name: Run the tests
run: ./mvnw test run: ./mvnw test
- name: Package the project as a runnable Docker image - name: Package the project as a runnable Docker image
run: docker build -t my_repo/jfrog_assignment:${{ github.sha }} . env:
IMAGE_NAME: danvid.jfrog.io/assignment-docker/spring-petclinic:${{ github.sha }}
run: |
jf docker build -t $IMAGE_NAME .
jf docker push $IMAGE_NAME
- name: Publish Build info With JFrog CLI
env:
# Generated and maintained by GitHub
JFROG_CLI_BUILD_NAME: spring-petclinic
# JFrog organization secret
JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }}
run: |
# Export the build name and build nuber
# Collect environment variables for the build
jf rt build-collect-env
# Collect VCS details from git and add them to the build
jf rt build-add-git
# Publish build info
jf rt build-publish
- name: Scan the project with your preferred SCA tool - name: Scan the project with your preferred SCA tool
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: 'my_repo/jfrog_assignment:${{ github.sha }}' image-ref: 'danvid.jfrog.io/assignment-docker/spring-petclinic:${{ github.sha }}'
format: 'sarif' format: 'sarif'
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
ignore-unfixed: true ignore-unfixed: true
vuln-type: 'os,library' vuln-type: 'os,library'
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
- uses: actions/upload-artifact@v4 - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with: with:
name: trivy-results.sarif sarif_file: 'trivy-results.sarif'
path: trivy-results.sarif