Endpoints are now stored on db #245

Workflow file for this run

.github/workflows/build-update.yml at 8297e4b

	name: Build and update app

	permissions:
	contents: write
	pull-requests: write

	env:
	#variables related with the repository
	REPOSITORY_MAIN_BRANCH: "master"
	#variables related with the docker imager registry
	DOCKER_IMAGE_REPOSITORY: ikcap
	DOCKER_IMAGE_NAME: disk_backend
	DOCKER_FILE: "docker/backend/Dockerfile"
	#variables related with the continuous delivery
	MANIFEST_REPOSITORY: KnowledgeCaptureAndDiscovery/k8s
	MANIFEST_REPOSITORY_BRANCH: master
	KUSTOMIZE_IMAGE_NAME: backend-image-prod
	MANIFEST_REPOSITORY_PATH: disk-server/disk/bikes
	NEURO_MANIFEST_REPOSITORY_PATH: disk-server/disk/neuro
	CLIMATE_MANIFEST_REPOSITORY_PATH: disk-server/disk/climate
	DEV_MANIFEST_REPOSITORY_PATH: disk-server/disk/dev
	#security level
	VULNERABILITY_SCAN_LEVEL: "CRITICAL"

	on:
	push:
	branches:
	- "*"
	tags:
	- v*
	pull_request:

	jobs:
	java:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Set up JDK 8
	uses: actions/setup-java@v2
	with:
	java-version: "8"
	distribution: "temurin"
	cache: maven
	- name: Build with Maven
	run: mvn -B package --file pom.xml
	env:
	GITHUB_USERNAME: ${{ secrets.GITHUB_USERNAME }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- run: mkdir staging && cp server/target/*.war staging
	- uses: actions/upload-artifact@v2
	with:
	name: Package
	path: staging

	# This job build the app and the image. Then, push it
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	needs: [java]
	name: "Build and push the Docker Image"

	steps:
	- uses: actions/checkout@v2

	- uses: actions/download-artifact@v2
	with:
	name: Package
	path: build/


	- name: Create value as an environment variable
	run: \|
	echo "DOCKER_TAG=${GITHUB_SHA}" >> $GITHUB_ENV

	- name: Expose value
	id: exposeValue
	run: \|
	echo "::set-output name=docker_tag::${{ env.DOCKER_TAG }}"

	- name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push Docker image
	uses: docker/[email protected]
	with:
	push: true
	context: .
	tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_TAG }}
	file: ${{ env.DOCKER_FILE}}

	outputs:
	docker_tag: ${{ steps.exposeValue.outputs.docker_tag }}

	security:
	permissions:
	contents: read
	security-events: write
	packages: write
	name: "Scan vulnerabilities in the image"
	needs: [build]
	runs-on: ubuntu-latest
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
	with:
	image-ref: ${{ env.DOCKER_IMAGE_REPOSITORY }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
	format: "template"
	template: "@/contrib/sarif.tpl"
	output: "trivy-results.sarif"
	severity: ${{ env.VULNERABILITY_SCAN_LEVEL }}
	exit-code: "0"
	ignore-unfixed: "true"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v1
	if: always()
	with:
	sarif_file: "trivy-results.sarif"


	update:
	# This job the container running on k8s cluster
	needs: [build, security]
	name: "Deploy the app"
	if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
	runs-on: ubuntu-latest
	steps:
	- name: Check out k8s manifests
	uses: actions/checkout@v3
	if: github.event_name != 'pull_request'
	with:
	repository: ${{ env.MANIFEST_REPOSITORY }}
	ref: ${{ env.MANIFEST_REPOSITORY_BRANCH }}
	ssh-key: ${{ secrets.BOT_SSH }}
	persist-credentials: true

	- name: Setup Kustomize
	uses: imranismail/setup-kustomize@v1
	if: github.event_name != 'pull_request'
	with:
	kustomize-version: "3.6.1"

	- name: Update Kubernetes resources
	if: github.event_name != 'pull_request'
	run: \|
	cd ${{ env.MANIFEST_REPOSITORY_PATH }}
	kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
	cat kustomization.yaml

	- name: Update Kubernetes resources neuro
	if: github.event_name != 'pull_request'
	run: \|
	cd ${{ env.NEURO_MANIFEST_REPOSITORY_PATH }}
	kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME}}:${{ needs.build.outputs.docker_tag }}
	cat kustomization.yaml
	- name: Update Kubernetes resources climate
	if: github.event_name != 'pull_request'
	run: \|
	cd ${{ env.CLIMATE_MANIFEST_REPOSITORY_PATH }}
	kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
	cat kustomization.yaml

	- name: Update Kubernetes resources dev
	if: github.event_name != 'pull_request'
	run: \|
	cd ${{ env.DEV_MANIFEST_REPOSITORY_PATH }}
	kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
	cat kustomization.yaml
	- name: Commit files
	if: github.event_name != 'pull_request'
	run: \|
	git config --local user.email "[email protected]"
	git config --local user.name "GitHub Action"
	git commit -am "Disk backend updated"

	- name: Push changes
	if: github.event_name != 'pull_request'
	uses: ad-m/github-push-action@master
	with:
	ssh: true
	branch: ${{ env.MANIFEST_REPOSITORY_BRANCH }}
	repository: ${{ env.MANIFEST_REPOSITORY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Endpoints are now stored on db #245

Workflow file

Endpoints are now stored on db #245

Jobs

Run details

Workflow file for this run