From b3e3dbf31e761b0e9009743dba325bfea9b89fb3 Mon Sep 17 00:00:00 2001
From: Matt York
Date: Sun, 15 Oct 2023 18:13:42 +0100
Subject: [PATCH] Added Simple and complex workflows
---
.github/workflows/ci-learning.yml | 41 +++++++--------
.github/workflows/ci-minimal.yml | 2 +-
Docs/learning.md | 77 +++++++++++++++++++++++++++++++
Docs/simple.md | 15 ++----
4 files changed, 99 insertions(+), 36 deletions(-)
create mode 100644 Docs/learning.md
diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml
index 19fabaf76..93bc07c96 100644
--- a/.github/workflows/ci-learning.yml
+++ b/.github/workflows/ci-learning.yml
@@ -29,13 +29,7 @@ jobs: java-version: ${{matrix.java}} distribution: 'adopt' cache: maven - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - + - name: Build with Maven Wrapper run: ./mvnw -B package
@@ -100,9 +94,6 @@ jobs: run: | docker load --input /tmp/petclinic/petclinic.tar - - name: List all the container images on the runner - run: docker image ls - - name: Setup JFrog CLI uses: jfrog/setup-jfrog-cli@v3
@@ -115,24 +106,24 @@ jobs: jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image + - name: Push Docker Image to the Artifactory repository env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - # jf rt build-collect-env - # Collect VCS details from git and add them to the build - # jf rt build-add-git - # Publish build info - # jf rt build-publish \ No newline at end of file + # - name: Publish Build info With JFrog CLI + # env: + # # Generated and maintained by GitHub + # JFROG_CLI_BUILD_NAME: spring-petclinic + # # JFrog organization secret + # JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + # run: | + # # Export the build name and build nuber + # # Collect environment variables for the build + # # jf rt build-collect-env + # # Collect VCS details from git and add them to the build + # # jf rt build-add-git + # # Publish build info + # # jf rt build-publish \ No newline at end of file
diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml
index 6226850fb..2cad49f06 100644
--- a/.github/workflows/ci-minimal.yml
+++ b/.github/workflows/ci-minimal.yml
@@ -1,7 +1,7 @@ # This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven -name: Minimal build requirements for the petclinic application. +name: Java CI with Maven (minimal) # The workflow will execute on Push / PR as well as manually running. on:
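Review bot: In the `@@ -115,24 +106,24 @@` hunk of ci-learning.yml the scan step spells the image reference out literally while the renamed push step reads it from a step-local `IMAGE_NAME`, so the image that is scanned and the image that is pushed can drift apart as soon as one of the two is edited. Declare `IMAGE_NAME` once in a job-level `env:` and use it in both steps, quoted: `jf docker scan "$IMAGE_NAME"` and `jf docker push "$IMAGE_NAME"`. The scan step begins outside the hunk, so it is not visible here whether a finding fails the job; confirm that it does, otherwise the push runs regardless of the scan result. Commenting out 'Publish Build info' also drops the build record that would tie the pushed image to a commit and run number; restore the step or delete the block instead of leaving it as commented-out YAML.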
diff --git a/Docs/learning.md b/Docs/learning.md
new file mode 100644
index 000000000..1092b1066
--- /dev/null
+++ b/Docs/learning.md
@@ -0,0 +1,77 @@
+# The "more complex" GitHub Actions pipeline
+
+This repository makes use of multiple jobs withing a GitHub actions pipeline. We'll be using a workflow to achieve this.
+
+This workflow runs the source build, test and dependency validation job. It then runs the container build jobs in parallel.
+
+## The trigger
+The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised.
+
+## The steps
+In order to successfully build, our workflow must
+
+### "source-build" job
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+
+### "container-build" job
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Package the code into a docker container
+1. Tag the container with the required name
+1. Store the container as a binary artifact in the GitHub action.
+
+### "publish-build" job
+
+1. Retrieve the container as a binary artifact from GitHub.
+1. Restore the container from a tarfile.
+1. Setup the JFrog CLI tool
+1. Use the jfrog scanner to scan the image for known vulnerabilities.
+1. Push the tested, scanned image to the Artifactory repository.
+
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+
+
+
+
+# Security scan
+As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository [here](https://github.com/my0373/spring-petclinic/tree/main/Scan).
+
+
diff --git a/Docs/simple.md b/Docs/simple.md
index e8a2b68e1..c24965272 100644
--- a/Docs/simple.md
+++ b/Docs/simple.md
@@ -2,6 +2,9 @@ This repository makes use of a GitHub actions pipeline. We'll be using a workflow to achieve this. +## The trigger +The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised. + ## The steps In order to successfully build, our workflow must
@@ -11,7 +14,7 @@ In order to successfully build, our workflow must 1. Run the Maven tests for the source 1. Use Maven to check dependencies 1. Package the code into a docker container -1. tag the container with the required name +1. Tag the container with the required name 1. Push the container into the Artifactory Repository
@@ -52,14 +55,6 @@ Assuming this is your local system, open a browser to http://127.0.0.1:8080/. # Security scan -As part of the build, I've executed an xray scan of the repository and attached the scans in the +As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository [here](https://github.com/my0373/spring-petclinic/tree/main/Scan). -### Code Compilation -The first step of the build process is to build -GitHub link to the repo including - -Github Actions workflow files within that repo -Docker file within that repo -readme.md file explaining the work and how to run the project -Bonus Deliverable: XRay Scan Data export (JSON format) for your image