Skip to content

[CI] Update jfrog cli to v3 (#6082) #400

[CI] Update jfrog cli to v3 (#6082)

[CI] Update jfrog cli to v3 (#6082) #400

Workflow file for this run

name: CI
on:
workflow_dispatch:
inputs:
enableSecurityScan:
type: boolean
default: true
description: 'Enable security scan with Trivy'
push:
branches:
- '2.11.x'
paths-ignore:
- '.github/**'
env:
MAVEN_THREADS: '-T 1'
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
jobs:
build:
if: github.repository_owner == 'spring-cloud'
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
# cache maven repo
- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-m2-
# jdk8
- uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'liberica'
- uses: jvalkeal/setup-maven@v1
with:
maven-version: 3.8.8
maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/'
# jfrog cli
- uses: jfrog/setup-jfrog-cli@v3
env:
JF_URL: 'https://repo.spring.io'
JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
- name: Login dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# setup frog cli
- name: Configure JFrog Cli
run: |
jfrog rt mvnc \
--server-id-resolve=${{ vars.JF_SERVER_ID }} \
--server-id-deploy=${{ vars.JF_SERVER_ID }} \
--repo-resolve-releases=libs-milestone \
--repo-resolve-snapshots=libs-snapshot \
--repo-deploy-releases=libs-release-local \
--repo-deploy-snapshots=libs-snapshot-local
echo JFROG_CLI_BUILD_NAME=spring-cloud-dataflow-2-11-x >> $GITHUB_ENV
echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
echo spring_cloud_dataflow_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV
- uses: ./.github/actions/install-xmlutils
# build and publish
- name: Build and Publish
shell: bash
timeout-minutes: 75
run: |
mvn clean
./spring-cloud-dataflow-package/set-package-version.sh
jfrog rt mvn install -Pfull,docs -B
jfrog rt mvn install -pl spring-cloud-dataflow-package -B
jfrog rt build-publish
export JFROG_CLI_BUILD_NAME="${JFROG_CLI_BUILD_NAME/spring-cloud-dataflow/spring-cloud-skipper}"
PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
# set +e
# echo "::info ::Project version=$PROJECT_VERSION"
# SKIPPER_DOCS_PATTERN=$(.github/workflows/skipper-docs-name.sh $PROJECT_VERSION libs-snapshot-local)
# if [[ "$SKIPPER_DOCS_PATTERN" == *"does not exist"* ]]; then
# echo "::error ::Skipper Docs URL=$SKIPPER_DOCS_PATTERN"
# else
# echo "::info ::Skipper Docs URL=$SKIPPER_DOCS_PATTERN"
# jfrog rt sp --build "$SKIPPER_DOCS_PATTERN" "buildName=$JFROG_CLI_BUILD_NAME;buildNumber=$JFROG_CLI_BUILD_NUMBER"
# echo "::info ::Skipper Docs Set Properties buildName=$JFROG_CLI_BUILD_NAME;buildNumber=$JFROG_CLI_BUILD_NUMBER"
# fi
- name: Test Report
uses: dorny/test-reporter@v1
if: ${{ success() || failure() }}
with:
name: Unit Tests
path: '**/surefire-reports/*.xml'
reporter: java-junit
list-tests: failed
- name: Capture Test Results
if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: test-results
path: '**/target/surefire-reports/**/*.*'
retention-days: 7
if-no-files-found: ignore
# clean m2 cache
- name: Clean cache
run: |
find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr
outputs:
version: ${{ env.spring_cloud_dataflow_version }}
database-tests:
if: github.repository_owner == 'spring-cloud'
runs-on: ubuntu-latest
strategy:
matrix:
db: [ 'ORACLE', 'DB2' ]
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-m2-${{ matrix.db }}
- uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'liberica'
- uses: jvalkeal/setup-maven@v1
with:
maven-version: 3.8.8
maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/'
- uses: jfrog/setup-jfrog-cli@v3
env:
JF_URL: 'https://repo.spring.io'
JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
- name: Login dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Configure JFrog Cli
run: |
jfrog rt mvnc \
--server-id-resolve=${{ vars.JF_SERVER_ID }} \
--server-id-deploy=${{ vars.JF_SERVER_ID }} \
--repo-resolve-releases=libs-milestone \
--repo-resolve-snapshots=libs-snapshot \
--repo-deploy-releases=libs-release-local \
--repo-deploy-snapshots=libs-snapshot-local
- uses: ./.github/actions/install-xmlutils
- name: Test
shell: bash
timeout-minutes: 75
run: |
jfrog rt mvn clean install -s .settings.xml -DskipTests -am -pl :spring-cloud-dataflow-server,:spring-cloud-skipper-server
export ENABLE_${{ matrix.db }}=true
jfrog rt mvn test -s .settings.xml -pl :spring-cloud-dataflow-server,:spring-cloud-skipper-server -Dgroups=${{ matrix.db }}
- name: Test Report
uses: dorny/test-reporter@v1
if: ${{ success() || failure() }}
with:
name: Unit Tests
path: '**/surefire-reports/*.xml'
reporter: java-junit
list-tests: failed
- name: Capture Test Results
if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: test-results
path: '**/target/surefire-reports/**/*.*'
retention-days: 7
if-no-files-found: ignore
# clean m2 cache
- name: Clean cache
run: |
find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr
images:
name: Build and Publish Images
needs:
- build
uses: ./.github/workflows/build-images.yml
with:
version: ${{ needs.build.outputs.version }}
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
GCR_JSON_KEY: ${{ secrets.GCR_JSON_KEY }}
scan:
runs-on: ubuntu-latest
if: ${{ inputs.enableSecurityScan == null || inputs.enableSecurityScan }}
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: 'Scanned'
shell: bash
run: echo "::info ::Scanned"
done:
runs-on: ubuntu-latest
needs: [ scan, build, images, database-tests ]
steps:
- name: 'Done'
shell: bash
run: echo "::info ::Done"