diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml
new file mode 100644
index 000000000..c03ae9115
--- /dev/null
+++ b/.github/workflows/ci-learning.yml
@@ -0,0 +1,132 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven (more complex)
+
+on:
+ workflow_dispatch:
+
+# on:
+# push:
+# branches: [ main ]
+# pull_request:
+# branches: [ main ]
+
+jobs:
+
+ # The source build job is designed to ensure that the source...
+ # * builds
+ # *
+ source-build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK ${{matrix.java}}
+ uses: actions/setup-java@v2
+ with:
+ java-version: ${{matrix.java}}
+ distribution: 'adopt'
+ cache: maven
+
+ - name: Build with Maven Wrapper
+ run: ./mvnw -B package
+
+ - name: Validate Maven dependencies
+ run: mvn dependency:analyze
+
+ - name: Run Maven tests
+ run: mvn test
+
+
+ container-build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK ${{matrix.java}}
+ uses: actions/setup-java@v2
+ with:
+ java-version: ${{matrix.java}}
+ distribution: 'adopt'
+ cache: maven
+
+ - name: Build the Maven container image
+ run: ./mvnw spring-boot:build-image
+
+ - name: Retag image with jfrog repo
+ run: docker tag spring-petclinic:3.1.0-SNAPSHOT matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+
+ - name: Export the built image to a tar file
+ env:
+ IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+ run: docker save $IMAGE_NAME > /tmp/petclinic.tar
+
+ - name: Upload Image as an artifact
+ uses: actions/upload-artifact@v2
+ with:
+ name: app
+ path: /tmp/petclinic.tar
+
+
+ publish-build:
+ needs: [source-build, container-build]
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - name: Download artifacts (Docker images) from previous workflows
+ uses: actions/download-artifact@v2
+ with:
+ name: app
+ path: /tmp/petclinic/
+
+
+ - name: Load Docker images from previous workflows
+ run: |
+ docker load --input /tmp/petclinic/petclinic.tar
+
+
+ - name: Setup JFrog CLI
+ uses: jfrog/setup-jfrog-cli@v3
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ - name: Scan Image for vulnerabilities
+ run:
+ jf docker scan matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+
+
+ - name: Push Docker Image to the Artifactory repository
+ env:
+ IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+ run:
+ jf docker push $IMAGE_NAME
+
+
+ # - name: Publish Build info With JFrog CLI
+ # env:
+ # # Generated and maintained by GitHub
+ # JFROG_CLI_BUILD_NAME: spring-petclinic
+ # # JFrog organization secret
+ # JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }}
+ # run: |
+ # # Export the build name and build nuber
+ # # Collect environment variables for the build
+ # # jf rt build-collect-env
+ # # Collect VCS details from git and add them to the build
+ # # jf rt build-add-git
+ # # Publish build info
+ # # jf rt build-publish
\ No newline at end of file
diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml
new file mode 100644
index 000000000..5735e3860
--- /dev/null
+++ b/.github/workflows/ci-minimal.yml
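Review bot: Every `uses:` in this workflow is pinned to a mutable tag, and `jfrog/setup-jfrog-cli@v3` in `publish-build` is a third-party action that is handed `secrets.JF_ACCESS_TOKEN`; pin it (and ideally the `actions/*` steps) to a full commit SHA, e.g. `uses: jfrog/setup-jfrog-cli@<full-commit-sha>  # v3`. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` should be enough for the steps visible here. `actions/checkout@v3` and `actions/setup-java@v2` are also older than the `@v4` versions used by the `maven-build.yml` this commit deletes. Nothing visible makes `jf docker scan` gate the push that follows it, so confirm it exits non-zero on findings before describing the pushed image as scanned. The pinning and permissions points apply equally to `ci-minimal.yml`.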
@@ -0,0 +1,78 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven (minimal)
+
+on:
+ workflow_dispatch:
+
+# # The workflow will execute on Push / PR as well as manually running.
+# on:
+# push:
+# branches:
+# - 'main'
+
+# pull_request:
+# branches:
+# - 'main'
+
+
+# The actual workflow jobs. I've split some of these up to
+# allow more flexibility in future.
+jobs:
+
+ # The source build job is designed to ensure that the source...
+ # * builds
+ # *
+ source-build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ # Checkout the current repository
+ - uses: actions/checkout@v3
+
+ # Set up Java 17 on the runner
+ - name: Set up JDK ${{matrix.java}}
+ uses: actions/setup-java@v2
+ with:
+ java-version: ${{matrix.java}}
+ distribution: 'adopt'
+ cache: maven
+
+ # Configure the JFrog CLI with the secrets we've saved.
+ - name: Setup JFrog CLI
+ uses: jfrog/setup-jfrog-cli@v3
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # Use the Maven wrapper to build the code.
+ - name: Build the Petclinic Package
+ run: ./mvnw -B package
+
+ # Run the maven dependency analyzer
+ - name: Validate Maven dependencies
+ run: mvn dependency:analyze
+
+ # Run the maven tests
+ - name: Run Maven tests
+ run: mvn test
+
+ # Build the container image
+ - name: Build the Maven container image
+ run: ./mvnw spring-boot:build-image
+
+ # In order to upload the image to Artifactory, we'll retag the image.
+ - name: Retag image with jfrog repo
+ run: docker tag spring-petclinic:3.1.0-SNAPSHOT matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+
+ # We push the image into artifactory
+ - name: Push Docker Image to Artifactory
+ env:
+ IMAGE_NAME: matthewy.jfrog.io/petclinic-docker/spring-petclinic:3.1.0-SNAPSHOT
+ run:
+ jf docker push $IMAGE_NAME
diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
deleted file mode 100644
index 4718a6ce5..000000000
--- a/.github/workflows/maven-build.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: Java CI with Maven
-
-on:
- push:
- branches: [ main ]
- pull_request:
- branches: [ main ]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
- strategy:
- matrix:
- java: [ '17' ]
-
- steps:
- - uses: actions/checkout@v4
- - name: Set up JDK ${{matrix.java}}
- uses: actions/setup-java@v4
- with:
- java-version: ${{matrix.java}}
- distribution: 'adopt'
- cache: maven
- - name: Build with Maven Wrapper
- run: ./mvnw -B package
diff --git a/Docs/learning.md b/Docs/learning.md
new file mode 100644
index 000000000..1092b1066
--- /dev/null
+++ b/Docs/learning.md
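Review bot: In `ci-minimal.yml`, `Setup JFrog CLI` runs before `./mvnw -B package`, `mvn dependency:analyze` and `mvn test`, so the Artifactory credentials are presumably already configured on the runner while Maven plugins and test code execute; moving that step to just before `Push Docker Image to Artifactory` keeps the token away from the build. Unlike `publish-build` in `ci-learning.yml`, this workflow pushes the image with no `jf docker scan` step, which deserves a comment if it is intentional. The build steps also mix `./mvnw` with a bare `mvn`, so dependency analysis and tests may run with a different Maven than the wrapper pins; `run: ./mvnw dependency:analyze` and `run: ./mvnw test` would keep them consistent.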
@@ -0,0 +1,77 @@
+# The "more complex" GitHub Actions pipeline
+
+This repository makes use of multiple jobs withing a GitHub actions pipeline. We'll be using a workflow to achieve this.
+
+This workflow runs the source build, test and dependency validation job. It then runs the container build jobs in parallel.
+
+## The trigger
+The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised.
+
+## The steps
+In order to successfully build, our workflow must
+
+### "source-build" job
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+
+### "container-build" job
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Package the code into a docker container
+1. Tag the container with the required name
+1. Store the container as a binary artifact in the GitHub action.
+
+### "publish-build" job
+
+1. Retrieve the container as a binary artifact from GitHub.
+1. Restore the container from a tarfile.
+1. Setup the JFrog CLI tool
+1. Use the jfrog scanner to scan the image for known vulnerabilities.
+1. Push the tested, scanned image to the Artifactory repository.
+
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+
+
+
+
+# Security scan
+As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository [here](https://github.com/my0373/spring-petclinic/tree/main/Scan).
+
+
diff --git a/Docs/simple.md b/Docs/simple.md
new file mode 100644
index 000000000..c24965272
--- /dev/null
+++ b/Docs/simple.md
@@ -0,0 +1,60 @@
+# The "Simple" GitHub Actions pipeline
+
+This repository makes use of a GitHub actions pipeline. We'll be using a workflow to achieve this.
+
+## The trigger
+The workflow is configured to run when the "main" branch is pushed, or when a PR for the "main" branch is raised.
+
+## The steps
+In order to successfully build, our workflow must
+
+1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic).
+1. Ensure that Java 17 is installed on the GitHub runner.
+1. Use the Maven wrapper to build the source.
+1. Run the Maven tests for the source
+1. Use Maven to check dependencies
+1. Package the code into a docker container
+1. Tag the container with the required name
+1. Push the container into the Artifactory Repository
+
+
+
+# Using the image
+In order to use the image, you will first need docker installed on your local system.
+
+__Authenticate to your container registry with your login__
+```console
+foo@bar:~$ docker login -u [your-login] my0373.jfrog.io
+```
+__Note:__
+*Please replace ```[your-login]``` with your artifactory login.*
+
+
+__Pull the container image to your local system__
+```console
+foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Run the container image.__
+```console
+foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT
+```
+
+__Note:__
+*Here I am exposing the site on port 8080. Please change to your requirements.*
+
+
+The Image can be viewed in artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic).
+
+# Testing the application
+Once the container is running, you should be able to connect on port 8080 on the target system.
+
+Assuming this is your local system, open a browser to http://127.0.0.1:8080/.
+
+
+
+
+# Security scan
+As part of the build, I've executed an xray scan of the repository and attached the scans in the Scan directory of the repository [here](https://github.com/my0373/spring-petclinic/tree/main/Scan).
+
+
diff --git a/Scan/Docker_spring-petclinic_version-3.1.0-SNAPSHOT_my0373@gmail.com_2023-10-14.zip b/Scan/Docker_spring-petclinic_version-3.1.0-SNAPSHOT_my0373@gmail.com_2023-10-14.zip
new file mode 100644
index 000000000..094475d42
Binary files /dev/null and b/Scan/Docker_spring-petclinic_version-3.1.0-SNAPSHOT_my0373@gmail.com_2023-10-14.zip differ