test merge

.github/workflows/ci-learning.yml

@@ -0,0 +1,132 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven (more complex)
+
+on:
+  workflow_dispatch:
+
+# on:
+#   push:
+#     branches: [ main ]
+#   pull_request:
+#     branches: [ main ]
+
+jobs:
+
+  # The source build job is designed to ensure that the source...
+  # * builds
+  # * 
+  source-build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK ${{matrix.java}}
+        uses: actions/setup-java@v2
+        with:
+          java-version: ${{matrix.java}}
+          distribution: 'adopt'
+          cache: maven
+          
+      - name: Build with Maven Wrapper
+        run: ./mvnw -B package
+
+      - name: Validate Maven dependencies
+        run: mvn dependency:analyze
+
+      - name: Run Maven tests
+        run: mvn test
+
+
+  container-build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK ${{matrix.java}}
+        uses: actions/setup-java@v2
+        with:
+          java-version: ${{matrix.java}}
+          distribution: 'adopt'
+          cache: maven
+
+      - name: Build the Maven container image
+        run: ./mvnw spring-boot:build-image
+
+      - name: Retag image with jfrog repo
+        run: docker tag spring-petclinic:3.1.0-SNAPSHOT matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+
+      - name: Export the built image to a tar file  
+        env:
+          IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+        run: docker save $IMAGE_NAME > /tmp/petclinic.tar
+             
+      - name: Upload Image as an artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: app
+          path: /tmp/petclinic.tar
+
+
+  publish-build:
+    needs: [source-build, container-build]
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      - name: Download artifacts (Docker images) from previous workflows
+        uses: actions/download-artifact@v2
+        with:
+          name: app
+          path: /tmp/petclinic/
+
+
+      - name: Load Docker images from previous workflows
+        run: |
+          docker load --input /tmp/petclinic/petclinic.tar 
+
+
+      - name: Setup JFrog CLI
+        uses: jfrog/setup-jfrog-cli@v3
+        env:
+          JF_URL: ${{ secrets.JF_URL }}
+          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+      - name: Scan Image for vulnerabilities
+        run:
+          jf docker scan matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT   
+            
+
+      - name: Push Docker Image to the Artifactory repository
+        env:
+          IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+        run:
+          jf docker push $IMAGE_NAME
+
+
+      # - name: Publish Build info With JFrog CLI
+      #   env:
+      #     # Generated and maintained by GitHub
+      #     JFROG_CLI_BUILD_NAME: spring-petclinic
+      #     # JFrog organization secret
+      #     JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }}
+      #   run: |
+      #     # Export the build name and build nuber
+      #     # Collect environment variables for the build
+      #     # jf rt build-collect-env
+      #     # Collect VCS details from git and add them to the build
+      #     # jf rt build-add-git
+      #     # Publish build info
+      #     # jf rt build-publish

.github/workflows/ci-minimal.yml

@@ -0,0 +1,78 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven (minimal)
+
+on:
+  workflow_dispatch:
+    
+# # The workflow will execute on Push / PR as well as manually running.
+# on:
+#   push:
+#     branches: 
+#      - 'main'
+    
+#   pull_request:
+#     branches: 
+#       - 'main'
+    
+
+# The actual workflow jobs. I've split some of these up to 
+# allow more flexibility in future.
+jobs:
+
+  # The source build job is designed to ensure that the source...
+  # * builds
+  # * 
+  source-build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      # Checkout the current repository
+      - uses: actions/checkout@v3
+
+      # Set up Java 17 on the runner
+      - name: Set up JDK ${{matrix.java}}
+        uses: actions/setup-java@v2
+        with:
+          java-version: ${{matrix.java}}
+          distribution: 'adopt'
+          cache: maven
+
+      # Configure the JFrog CLI with the secrets we've saved. 
+      - name: Setup JFrog CLI
+        uses: jfrog/setup-jfrog-cli@v3
+        env:
+          JF_URL: ${{ secrets.JF_URL }}
+          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+            
+      # Use the Maven wrapper to build the code. 
+      - name: Build the Petclinic Package
+        run: ./mvnw -B package
+
+      # Run the maven dependency analyzer
+      - name: Validate Maven dependencies
+        run: mvn dependency:analyze
+
+      # Run the maven tests
+      - name: Run Maven tests
+        run: mvn test
+
+      # Build the container image
+      - name: Build the Maven container image
+        run: ./mvnw spring-boot:build-image
+      
+      # In order to upload the image to Artifactory, we'll retag the image.
+      - name: Retag image with jfrog repo
+        run: docker tag spring-petclinic:3.1.0-SNAPSHOT matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+  
+      # We push the image into artifactory
+      - name: Push Docker Image to Artifactory
+        env:
+          IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+        run:
+          jf docker push $IMAGE_NAME

.github/workflows/maven-build.yml

@@ -1,29 +0,0 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: Java CI with Maven
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        java: [ '17' ]
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK ${{matrix.java}}
-        uses: actions/setup-java@v4
-        with:
-          java-version: ${{matrix.java}}
-          distribution: 'adopt'
-          cache: maven
-      - name: Build with Maven Wrapper
-        run: ./mvnw -B package

Docs/learning.md

@@ -0,0 +1,77 @@
+# The "more complex" GitHub Actions pipeline
+
+This repository makes use of multiple jobs withing a GitHub actions pipeline. We'll be using a workflow to achieve this.
+
+This workflow runs the source build, test and dependency validation job. It then runs the container build jobs in parallel. 
+
+## The trigger
+The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised.
+  
+## The steps
+In order to successfully build, our workflow must 
+
+### "source-build" job
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+
+### "container-build" job
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Package the code into a docker container
+1. Tag the container with the required name
+1. Store the container as a binary artifact in the GitHub action.
+
+### "publish-build" job
+
+1. Retrieve the container as a binary artifact from GitHub.
+1. Restore the container from a tarfile.
+1. Setup the JFrog CLI tool
+1. Use the jfrog scanner to scan the image for known vulnerabilities.
+1. Push the tested, scanned image to the Artifactory repository.
+
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__ 
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in  artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+
+
+
+
+# Security scan
+As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository  [here](https://github.com/my0373/spring-petclinic/tree/main/Scan).
+
+

Docs/simple.md

@@ -0,0 +1,60 @@
+# The "Simple" GitHub Actions pipeline
+
+This repository makes use of a GitHub actions pipeline. We'll be using a workflow to achieve this. 
+
+## The trigger
+The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised.
+  
+## The steps
+In order to successfully build, our workflow must 
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+1. Package the code into a docker container
+1. Tag the container with the required name
+1. Push the container into the Artifactory Repository
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__ 
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in  artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+
+
+
+
+# Security scan
+As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository  [here](https://github.com/my0373/spring-petclinic/tree/main/Scan).
+
+