Update to DISK ontology 1.3 #253
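name: Build and update app

# Default GITHUB_TOKEN scope for every job. None of the steps below write to
# this repository with the token (the manifest push uses the BOT_SSH deploy
# key), so the workflow default is read-only; jobs that need more declare it.
permissions:
  contents: read

env:
  # variables related with the repository
  # NOTE(review): not referenced by any job below (the deploy gate uses
  # github.event.repository.default_branch instead) - confirm before removing.
  REPOSITORY_MAIN_BRANCH: "master"
  # variables related with the docker image registry
  DOCKER_IMAGE_REPOSITORY: ikcap
  DOCKER_IMAGE_NAME: disk_backend
  DOCKER_FILE: "docker/backend/Dockerfile"
  # variables related with the continuous delivery
  MANIFEST_REPOSITORY: KnowledgeCaptureAndDiscovery/k8s
  MANIFEST_REPOSITORY_BRANCH: master
  KUSTOMIZE_IMAGE_NAME: backend-image-prod
  MANIFEST_REPOSITORY_PATH: disk-server/disk/bikes
  NEURO_MANIFEST_REPOSITORY_PATH: disk-server/disk/neuro
  CLIMATE_MANIFEST_REPOSITORY_PATH: disk-server/disk/climate
  DEV_MANIFEST_REPOSITORY_PATH: disk-server/disk/dev
  # security level: lowest severity Trivy reports on
  VULNERABILITY_SCAN_LEVEL: "CRITICAL"

on:
  push:
    branches:
      - "*"
    tags:
      - "v*"
  pull_request:

jobs:
  # Compile the Maven project and hand the .war to the image build job.
  java:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 8
        uses: actions/setup-java@v2
        with:
          java-version: "8"
          distribution: "temurin"
          cache: maven
      - name: Build with Maven
        run: mvn -B package --file pom.xml
        env:
          GITHUB_USERNAME: ${{ secrets.GITHUB_USERNAME }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: mkdir staging && cp server/target/*.war staging
      - uses: actions/upload-artifact@v2
        with:
          name: Package
          path: staging

  # This job builds the app image and pushes it to Docker Hub.
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs: [java]
    name: "Build and push the Docker Image"
    steps:
      - uses: actions/checkout@v3
      - uses: actions/download-artifact@v2
        with:
          name: Package
          path: build/
      # The image tag is the commit SHA, so every build is traceable to a commit.
      - name: Create value as an environment variable
        run: |
          echo "DOCKER_TAG=${GITHUB_SHA}" >> "$GITHUB_ENV"
      # Job output consumed by the security and update jobs. Written via
      # $GITHUB_OUTPUT; the former ::set-output workflow command is deprecated.
      - name: Expose value
        id: exposeValue
        run: |
          echo "docker_tag=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): this action ref was mangled in the rendered page
      # (docker/build-push-action@<version> is expected here); restore the
      # real pin from the repository before relying on this file.
      - name: Build and push Docker image
        uses: docker/[email protected]
        with:
          push: true
          context: .
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_TAG }}
          file: ${{ env.DOCKER_FILE }}
    outputs:
      docker_tag: ${{ steps.exposeValue.outputs.docker_tag }}

  # Scan the image that was just pushed and publish findings to the Security tab.
  security:
    permissions:
      contents: read
      security-events: write
      # NOTE(review): packages: write is not used by the visible steps (the
      # image lives on Docker Hub, not GHCR) - confirm before dropping it.
      packages: write
    name: "Scan vulnerabilities in the image"
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      # image-ref is built from the same namespace/name/tag expression as the
      # build and deploy jobs, so the scanned image is the one that was pushed
      # (previously it used DOCKER_IMAGE_REPOSITORY, which is only correct when
      # that value equals DOCKERHUB_USERNAME).
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
        with:
          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
          format: "template"
          template: "@/contrib/sarif.tpl"
          output: "trivy-results.sarif"
          severity: ${{ env.VULNERABILITY_SCAN_LEVEL }}
          # "0" makes the scan report-only: the job always succeeds, so the
          # update job's dependency on it never blocks a deployment. Set to "1"
          # to have CRITICAL findings gate the deploy.
          exit-code: "0"
          ignore-unfixed: "true"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: "trivy-results.sarif"

  # This job updates the image tag of the container running on the k8s cluster
  # by editing the kustomization in the manifest repository and pushing it.
  update:
    needs: [build, security]
    name: "Deploy the app"
    # Deploy only from pushes to the default branch, never from pull requests.
    if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # The manifest repo is a different repository; BOT_SSH is the deploy key
      # with write access to it, kept in the checkout for the push step.
      - name: Check out k8s manifests
        uses: actions/checkout@v3
        if: github.event_name != 'pull_request'
        with:
          repository: ${{ env.MANIFEST_REPOSITORY }}
          ref: ${{ env.MANIFEST_REPOSITORY_BRANCH }}
          ssh-key: ${{ secrets.BOT_SSH }}
          persist-credentials: true
      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
        if: github.event_name != 'pull_request'
        with:
          kustomize-version: "3.6.1"
      - name: Update Kubernetes resources
        if: github.event_name != 'pull_request'
        run: |
          cd ${{ env.MANIFEST_REPOSITORY_PATH }}
          kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
          cat kustomization.yaml
      - name: Update Kubernetes resources neuro
        if: github.event_name != 'pull_request'
        run: |
          cd ${{ env.NEURO_MANIFEST_REPOSITORY_PATH }}
          kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
          cat kustomization.yaml
      - name: Update Kubernetes resources climate
        if: github.event_name != 'pull_request'
        run: |
          cd ${{ env.CLIMATE_MANIFEST_REPOSITORY_PATH }}
          kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
          cat kustomization.yaml
      - name: Update Kubernetes resources dev
        if: github.event_name != 'pull_request'
        run: |
          cd ${{ env.DEV_MANIFEST_REPOSITORY_PATH }}
          kustomize edit set image ${{ env.KUSTOMIZE_IMAGE_NAME }}=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
          cat kustomization.yaml
      - name: Commit files
        if: github.event_name != 'pull_request'
        run: |
          git config --local user.email "[email protected]"
          git config --local user.name "GitHub Action"
          git commit -am "Disk backend updated"
      # NOTE(review): @master is a mutable ref, so this step runs whatever the
      # upstream branch currently holds with the deploy key in scope; pin it to
      # a full commit SHA (<pinned-sha-placeholder>) like the Trivy step above.
      - name: Push changes
        if: github.event_name != 'pull_request'
        uses: ad-m/github-push-action@master
        with:
          ssh: true
          branch: ${{ env.MANIFEST_REPOSITORY_BRANCH }}
          repository: ${{ env.MANIFEST_REPOSITORY }}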