IRS build #1079

Workflow file for this run

.github/workflows/irs-build.yml at bfb92be

	name: IRS build

	on:
	workflow_dispatch: # Trigger manually
	pull_request:
	paths-ignore:
	- '*/.md'
	- '*/.txt'
	- 'charts/**'
	- '.config/**'
	- 'docs/**'
	- '!docs/src/api/**'
	- 'local/**'
	- 'CHANGELOG.md'


	push:
	branches:
	- main
	tags:
	- '**'


	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Build with Maven
	run: \|
	mvn clean verify --batch-mode

	check_sonar_configured:
	runs-on: ubuntu-latest
	steps:
	- name: check_sonar_configured
	run: \|
	echo "Checking if sonar is configured: ${{ env.SONAR_CONFIGURED }}"
	env:
	SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}
	outputs:
	sonar_configured: ${{ env.SONAR_CONFIGURED }}

	analyze_with_Sonar:
	needs: [check_sonar_configured]
	# No need to run if we cannot use the sonar token
	if: >-
	needs.check_sonar_configured.outputs.sonar_configured == 'true'
	&& (github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository)
	&& github.actor != 'dependabot[bot]'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Cache SonarCloud packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Analyze with Sonar
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: \|
	mvn --batch-mode --update-snapshots verify \
	org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
	-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \
	-Dcheckstyle.skip -Dpmd.skip=true

	build_images:
	strategy:
	matrix:
	image:
	- irs-api
	runs-on: ubuntu-latest
	outputs:
	image-tag: ${{ steps.version.outputs.image_tag }}
	steps:
	- uses: actions/checkout@v4

	- name: Build image to make sure Dockerfile is valid
	run: \|
	# RUN --mount=type=cache is used in the IRS Dockerfile to cache directories for maven.
	# And the --mount option requires BuildKit.
	DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest .

	- name: Set image version
	id: version
	run: \|
	# Strip git ref prefix from version
	VERSION=$(echo "${{ github.ref }}" \| sed -e 's,./$.$,\1,')
	# Strip "v" prefix from tag name
	[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION \| sed -e 's/^v//')
	# Support PR ref versions
	[[ "${{ github.ref }}" == "refs/pull/"* ]] && VERSION=PR-$(echo "${{ github.ref }}" \| sed -e 's,./$.$/merge,\1,')
	# Use Docker `latest` tag convention
	[ "$VERSION" == "main" ] && VERSION=latest
	echo VERSION=$VERSION
	echo "::set-output name=image_tag::$VERSION"

	- name: Log in to registry
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: >-
	env.DOCKER_HUB_USER == '' &&
	(github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository) &&
	github.actor != 'dependabot[bot]'
	# This is where you will update the PAT to GITHUB_TOKEN
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Login to Docker Hub
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER != ''
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Push image (DockerHub)
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	IMAGE_NAMESPACE: tractusx
	IMAGE_NAME: irs-api
	if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request'
	run: \|
	IMAGE_ID=$${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}

	docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }}
	docker push IMAGE_ID:${{ steps.version.outputs.image_tag }}

	docker tag ${{ matrix.image }} IMAGE_ID:$GITHUB_SHA
	docker push IMAGE_ID:$GITHUB_SHA

	# https://github.com/peter-evans/dockerhub-description
	- name: Update Docker Hub description
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	IMAGE_NAMESPACE: tractusx
	IMAGE_NAME: irs-api
	if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request'
	uses: peter-evans/dockerhub-description@v4
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}
	repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
	readme-filepath: ./DOCKER_NOTICE.md

	trigger-trivy-image-scan:
	if: >-
	github.event_name != 'pull_request'
	needs:
	- build_images
	uses: ./.github/workflows/trivy-docker-hub-scan.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IRS build #1079

Workflow file

IRS build #1079

Jobs

Run details

Workflow file for this run