Bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 #4084
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ubuntu Maven build | |
| env: | |
| MAVEN_OPTS: -Djava.awt.headless=true | |
| concurrency: # More info: https://stackoverflow.com/a/68422069/253468 | |
| group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "16 23 * * 0" | |
| jobs: | |
| build: | |
| name: Build w/ Java 17 | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: 'Set up Maven' | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.9.6' | |
| - name: Priming build with Maven | |
| run: mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true install | |
| - name: Test with Maven | |
| run: | | |
| mvn -B -fae -e test | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| verbose: true | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Build javadoc | |
| run: mvn javadoc:javadoc | |
| postgresql-test: | |
| name: PostgreSQL verify | |
| runs-on: ubuntu-latest | |
| if: ${{ github.author != 'dependabot[bot]' }} | |
| needs: build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: 'Set up Maven' | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.9.6' | |
| - name: 'Login to b3p.nl' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.b3p.nl | |
| username: ${{ secrets.DOCKER_B3P_PULL_ACTOR }} | |
| password: ${{ secrets.DOCKER_B3P_PULL_TOKEN }} | |
| - name: 'Setup testdata databases' | |
| run: ./build/ci/testdata-setup.sh | |
| - name: Test PostgreSQL with Maven | |
| run: mvn -B -fae -e -DskipQA=true -Pqa-skip -Ddocker.skip=true -Ppostgresql verify -Dspring-boot.run.profiles=dev,populate-testdata,postgresql -Dspring-boot.run.arguments=--spatial.dbs.connect=true | |
| - name: 'Upload test results' | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: Test Results | |
| path: | | |
| target/failsafe-reports/TEST-*.xml | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| verbose: true | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # Upload event file so test results can be processed for the PR | |
| # https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches | |
| event_file: | |
| name: "Event File" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Upload | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Event File | |
| path: ${{ github.event_path }} | |
| site: | |
| name: 'Publish gh-pages' | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }} | |
| needs: build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: 'Set up Maven' | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.9.6' | |
| - name: 'Build Maven site' | |
| env: | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| run: mvn site | |
| - name: 'Deploy gh-pages' | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| branch: gh-pages | |
| folder: target/site | |
| publish: | |
| name: Deploy artifacts | |
| runs-on: ubuntu-latest | |
| needs: build | |
| permissions: | |
| packages: write | |
| contents: read | |
| if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: 'Set up Maven' | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.9.6' | |
| - name: Build and Push | |
| # no need to run any QC or tests | |
| # note deploy will deploy both Maven artifact as well as Docker image | |
| env: | |
| B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }} | |
| B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }} | |
| GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| docker run --privileged --rm tonistiigi/binfmt --install arm64 | |
| mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Pqa-skip clean deploy --settings .github/maven-settings.xml | |
| - name: 'Publish SBOM' | |
| uses: DependencyTrack/gh-upload-sbom@v3 | |
| with: | |
| serverhostname: ${{ secrets.DEPENDENCY_TRACK_HOSTNAME }} | |
| apikey: ${{ secrets.DEPENDENCY_TRACK_APIKEY }} | |
| project: '00501150-f4b1-4d75-a099-a6a9d1d8f06a' | |
| bomfilename: 'target/bom.xml' | |
| deploy: | |
| name: Deploy stack | |
| runs-on: ubuntu-latest | |
| needs: publish | |
| permissions: | |
| actions: write | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| steps: | |
| - name: Deploy compose stack | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GHCR_CLEANUP_PAT }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'B3Partners', | |
| repo: 'tailormap-viewer', | |
| workflow_id: 'test-and-deploy.yml', | |
| ref: 'main' | |
| }) | |
| docker-test: | |
| name: Test docker image | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ github.event_name == 'pull_request' }} | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: tailormap | |
| POSTGRES_PASSWORD: tailormap | |
| POSTGRES_DB: tailormap | |
| ports: | |
| - 5432:5432 | |
| options: --health-cmd pg_isready --health-interval 15s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: 'Set up Maven' | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.9.6' | |
| - name: Build docker image | |
| run: mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Pqa-skip package | |
| - name: Try Created Docker image | |
| run: | | |
| docker run -d --name tailormap-api -h tailormap-api --network host ghcr.io/b3partners/tailormap-api:snapshot | |
| sleep 60 | |
| docker logs tailormap-api | |
| curl http://localhost:8080/api/actuator/health | |
| curl http://localhost:8080/api/version | |
| cleanup: | |
| name: Maven cache cleanup | |
| if: ${{ always() }} | |
| needs: [ build, publish, postgresql-test ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: setup-java-Linux-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| setup-java-Linux-maven- | |
| - name: Cleanup snapshot cache | |
| run: | | |
| find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {} |