Skip to content

Feature/639 policy store api paging #1044

Feature/639 policy store api paging

Feature/639 policy store api paging #1044

Workflow file for this run

name: IRS build
on:
workflow_dispatch: # Trigger manually
pull_request:
paths-ignore:
- '**/*.md'
- '**/*.txt'
- 'charts/**'
- '.config/**'
- 'docs/**'
- '!docs/src/api/**'
- 'local/**'
- 'CHANGELOG.md'
push:
branches:
- main
tags:
- '**'
jobs:
init:
runs-on: ubuntu-latest
outputs:
image_namespace: tractusx
image_name: irs-api
docker_hub_user: ${{ secrets.DOCKER_HUB_USER }}
# In order to skip sonar if not configured
sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}
steps:
- run: |
echo "Preparing variables"
echo "sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}"
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: |
mvn clean verify --batch-mode
analyze_with_Sonar:
needs: [init]
# No need to run if we cannot use the sonar token
if: >-
needs.init.outputs.sonar_configured == 'true'
&& (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
&& github.actor != 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Analyze with Sonar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
mvn --batch-mode --update-snapshots verify \
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \
-Dcheckstyle.skip -Dpmd.skip=true
build_images:
needs: [init]
strategy:
matrix:
image:
- irs-api
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.version.outputs.image_tag }}
steps:
- uses: actions/checkout@v4
- name: Build image to make sure Dockerfile is valid
run: |
# RUN --mount=type=cache is used in the IRS Dockerfile to cache directories for maven.
# And the --mount option requires BuildKit.
DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest .
- name: Set image version
id: version
run: |
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Support PR ref versions
[[ "${{ github.ref }}" == "refs/pull/"* ]] && VERSION=PR-$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\)/merge,\1,')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
echo VERSION=$VERSION
echo "::set-output name=image_tag::$VERSION"
- name: Login to Docker Hub
if: needs.init.outputs.docker_hub_user != ''
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Push image (DockerHub)
if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request'
run: |
docker tag ${{ matrix.image }} ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }}
docker push ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }}
docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA
docker push $IMAGE_ID:$GITHUB_SHA
# https://github.com/peter-evans/dockerhub-description
- name: Update Docker Hub description
if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
repository: ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}
readme-filepath: ./DOCKER_NOTICE.md
trigger-trivy-image-scan:
if: >-
github.event_name != 'pull_request'
needs:
- build_images
uses: ./.github/workflows/trivy-docker-hub-scan.yml