Skip to content

Migrated to javalin 6.3.0 and openapi 6.3.0 (#90) #43

Migrated to javalin 6.3.0 and openapi 6.3.0 (#90)

Migrated to javalin 6.3.0 and openapi 6.3.0 (#90) #43

name: Build and publish Docker distributions to Github Container Registry ghcr.io
on:
push:
tags:
- \d+.\d+.\d+-dev
jobs:
app-version:
name: Extract app version
uses: th2-net/.github/.github/workflows/compound-prebuild-java-workflow.yml@main
with:
project-path: app
get-previous-tag:
name: Get previous tag
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 100
fetch-tags: true
- id: previous-tag
run: |
FOUND_TAG=$(git tag --list --sort=-version:refname '*.*.*-dev' | head --lines 2 | tail --lines 1)
echo "result=$FOUND_TAG" >> "$GITHUB_OUTPUT"
[[ -z $(echo "$FOUND_TAG") ]] && { echo "No tag found..."; exit 1; } || { echo "Tag found: ${FOUND_TAG}"; }
outputs:
tag: ${{ steps.previous-tag.outputs.result }}
changes:
name: Collect changed files
runs-on: ubuntu-20.04
needs:
- get-previous-tag
outputs:
app: ${{ steps.filter.outputs.app }}
grpc: ${{ steps.filter.outputs.grpc }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2
id: filter
with:
base: ${{ needs.get-previous-tag.outputs.tag }}
filters: |
app:
- 'app/gradle.properties'
grpc:
- 'grpc/gradle.properties'
utils:
- 'utils/gradle.properties'
grpc-version:
name: Extract gRPC version
needs:
- changes
if: ${{ needs.changes.outputs.grpc == 'true' }}
uses: th2-net/.github/.github/workflows/compound-prebuild-java-workflow.yml@main
with:
project-path: grpc
utils-version:
name: Extract utils version
needs:
- changes
if: ${{ needs.changes.outputs.utils == 'true' }}
uses: th2-net/.github/.github/workflows/compound-prebuild-java-workflow.yml@main
with:
project-path: utils
build-and-publish-grpc-java:
name: Build and publish Java gRPC distributions
runs-on: 'ubuntu-20.04'
needs:
- changes
if: ${{ needs.changes.outputs.grpc == 'true' }}
steps:
- uses: actions/checkout@v4
- name: Set up JDK 'zulu' '11'
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '11'
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Build with Gradle
run: ./gradlew --info -Pversion_suffix='dev' clean build :grpc-lw-data-provider:publish closeAndReleaseSonatypeStagingRepository
env:
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_NEXUS_USERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_NEXUS_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYPE_GPG_ARMORED_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYPE_SIGNING_PASSWORD }}
build-and-publish-grpc-python:
name: Build and publish Python distributions to PyPI
needs:
- build-and-publish-grpc-java
- grpc-version
- changes
if: ${{ needs.changes.outputs.grpc == 'true' }}
uses: th2-net/.github/.github/workflows/compaund-python-grpc-pypi-publication.yml@main
with:
custom-version: ${{ needs.grpc-version.outputs.version }}rc1
project-path: grpc
secrets:
pypi_password: ${{ secrets.PYPI_PASSWORD }}
build-and-publish-utils:
name: Build and publish utils library
runs-on: 'ubuntu-20.04'
needs:
- build-and-publish-grpc-java
- changes
if: |
always() &&
(needs.changes.outputs.utils == 'true' || needs.changes.outputs.grpc == 'true')
steps:
- uses: actions/checkout@v4
- name: Set up JDK 'zulu' '11'
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '11'
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Build with Gradle
run: ./gradlew --info -Pversion_suffix='dev' clean build :lw-data-provider-utils:publish closeAndReleaseSonatypeStagingRepository
env:
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_NEXUS_USERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_NEXUS_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYPE_GPG_ARMORED_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYPE_SIGNING_PASSWORD }}
owasp-scan:
uses: th2-net/.github/.github/workflows/owasp-gradle-scan.yml@main
with:
multiproject: true
secrets:
nvd-api-key: ${{ secrets.NVD_APIKEY }}
license-scan:
uses: th2-net/.github/.github/workflows/license_check.yml@main
needs: [app-version]
with:
version: ${{ needs.app-version.outputs.version }}-dev
publish-docker:
name: Build and publish docker image
if: |
always() &&
(needs.changes.outputs.app == 'true' || needs.changes.outputs.grpc == 'true')
needs:
- build-and-publish-grpc-python
- build-and-publish-grpc-java
- app-version
uses: th2-net/.github/.github/workflows/compaund-java-docker-push.yml@main
with:
docker-username: ${{ github.actor }}
version: ${{ needs.app-version.outputs.version }}-dev
versionNumber: ${{ needs.app-version.outputs.version }}
dockerContext: '.'
gradleParameters: '["clean", "build", "dockerPrepare"]'
secrets:
docker-password: ${{ secrets.GITHUB_TOKEN }}
trivy-docker-scan:
name: Scan Docker image for vulnerabilities
needs:
- publish-docker
- app-version
uses: th2-net/.github/.github/workflows/trivy-scan-github.yml@main
with:
image-path: ghcr.io/${{ github.repository }}:${{ needs.app-version.outputs.version }}-dev
target: 'os,library'
sensitivity: 'CRITICAL,HIGH,MEDIUM'