add scan

.github/workflows/maven-build.yml

@@ -46,29 +46,72 @@ jobs:
     - name: Run Tests
       run: ./mvnw -B test
 
-  Run_Jmeter_test_plan:
+
+
+  Build_and_push:
     runs-on: ubuntu-latest
     needs: Run_test
-        strategy:
-          matrix:
-            java: [ '21' ]
     steps:
-          - uses: actions/checkout@v4
-          - name: Set up JDK ${{matrix.java}}
+    - name: checkout Git repository
+      uses: actions/checkout@v4
+    - name: Set up JDK 21
       uses: actions/setup-java@v4
       with:
-              java-version: ${{matrix.java}}
-              distribution: 'adopt'
-              cache: maven
-          - name: run docker
-            uses: docker-practice/actions-setup-docker@master
-          - name: Build Docker Image
-            run: docker build -t spring-petclinic .
-          - name: Run Docker Container
-            run: docker run -d -p 8080:8080 spring-petclinic
-          - name: Run JMeter Action on a test
-            uses: rbhadti94/apache-jmeter-action@v0.5.0
+        distribution: 'temurin' # See 'Supported distributions' for available options
+        java-version: '21'
+    - name: Login to Jfrog Artifactory
+      uses: docker/login-action@v3
       with:
-              testFilePath: src/test/jmeter/petclinic_test_plan.jmx
-              outputReportsFolder: reports/
-              args: "--loglevel INFO" 
+        registry: rodi26.jfrog.io
+        username: 'rodolphe.fontaine@orange.fr'
+        password: ${{ secrets.JF_ACCESS_TOKEN }}
+    - name: Build and push
+      uses: docker/build-push-action@v6
+      with:
+        push: true
+        tags: rodi26.jfrog.io/rodi26-docker/spring-petclinic:latest
+
+  scan-repository:
+    runs-on: ubuntu-latest
+    needs: Build_and_push
+    strategy:
+      matrix:
+        # The repository scanning will be triggered periodically on the following branches.
+        branch: ["main"]
+    steps:
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '21'
+      - uses: jfrog/frogbot@v2.9.2
+        env:
+          # [Mandatory]
+          # JFrog platform URL
+          JF_URL: ${{ secrets.JF_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+          # [Mandatory if JF_ACCESS_TOKEN is not provided]
+          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+          # JF_USER: ${{ secrets.JF_USER }}
+
+          # [Mandatory if JF_ACCESS_TOKEN is not provided]
+          # JFrog password. Must be provided with JF_USER
+          # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+          # [Mandatory]
+          # The GitHub token is automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Mandatory]
+          # The name of the branch on which Frogbot will perform the scan
+          JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
+        # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+        # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
+        # with:
+        #   oidc-provider-name: ""
+        #JF_PATH_EXCLUSIONS: "*gradle*"