Add FOSSA integration (#21)
* Add FOSSA integration

* Don't scan on PRs
CalvinAllen authored Nov 21, 2024
1 parent bd211e5 commit 293391c
Showing 3 changed files with 45 additions and 31 deletions.
48 changes: 24 additions & 24 deletions .github/workflows/build_image.yml
@@ -1,34 +1,34 @@
name: Build the Docker Image

on:
pull_request:
types: [ opened, reopened, synchronize ]
branches:
- main
pull_request:
types: [opened, reopened, synchronize]
branches:
- main

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-image:
runs-on: ubuntu-latest
build-image:
runs-on: ubuntu-latest

permissions: write-all
permissions: write-all

steps:
- name: Checkout repository
uses: actions/checkout@v4
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Build Docker image
id: push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: .
push: false
build-args: |
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
- name: Build Docker image
id: push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: .
push: false
build-args: |
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
15 changes: 8 additions & 7 deletions .github/workflows/publish_image.yml
Expand Up @@ -42,13 +42,14 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
github-token: ${{ secrets.GITHUB_TOKEN }}
build-args: |
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
NEW_RELIC_METADATA_COMMIT=${{ github.sha }}
NEW_RELIC_METADATA_RELEASE_TAG=${{ github.ref_name }}
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
FOSSA_API_KEY=${{ secrets.FOSSA_API_KEY }}
NEW_RELIC_METADATA_COMMIT=${{ github.sha }}
NEW_RELIC_METADATA_RELEASE_TAG=${{ github.ref_name }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
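Review bot: `FOSSA_API_KEY=${{ secrets.FOSSA_API_KEY }}` is added to `build-args`, which is not a secret channel: build arguments can be read back from image history and may be recorded in build provenance, and the Dockerfile in this commit also copies the value into `ENV` in the build stage. Pass it as a BuildKit secret instead, e.g. `secrets: |` with `fossa_api_key=${{ secrets.FOSSA_API_KEY }}` on this step and `RUN --mount=type=secret,id=fossa_api_key FOSSA_API_KEY="$(cat /run/secrets/fossa_api_key)" fossa analyze` in the Dockerfile, then drop the matching `ARG`/`ENV` lines. The step starts outside this hunk, so that it uses docker/build-push-action (as build_image.yml does) is inferred. The existing `BROWSER_*` entries backed by `secrets.*` follow the same pattern and deserve the same review.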
13 changes: 13 additions & 0 deletions Dockerfile
Expand Up @@ -29,16 +29,29 @@ ARG BROWSER_ACCOUNT_ID
ARG BROWSER_TRUST_KEY
ARG BROWSER_AGENT_ID
ARG BROWSER_APPLICATION_ID
ARG FOSSA_API_KEY

ENV BROWSER_LICENSE_KEY=$BROWSER_LICENSE_KEY
ENV BROWSER_ACCOUNT_ID=$BROWSER_ACCOUNT_ID
ENV BROWSER_TRUST_KEY=$BROWSER_TRUST_KEY
ENV BROWSER_AGENT_ID=$BROWSER_AGENT_ID
ENV BROWSER_APPLICATION_ID=$BROWSER_APPLICATION_ID
ENV FOSSA_API_KEY=$FOSSA_API_KEY

RUN --mount=type=cache,target=/root/.gradle ./gradlew downloadNewRelicAgent --console=plain --info --no-daemon --no-watch-fs
RUN --mount=type=cache,target=/root/.gradle ./gradlew build --console=plain --info --no-daemon --no-watch-fs

RUN if [ -z "$FOSSA_API_KEY" ] ; then \
echo --SKIPPING FOSSA CLI DOWNLOAD ; \
else \
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash; \
fi
RUN if [ -z "$FOSSA_API_KEY" ] ; then \
echo --SKIPPING FOSSA SCAN ; \
else \
fossa analyze; \
fi

FROM base AS final
WORKDIR /app
COPY --from=build /src/build/libs/petclinic-backend-1.0.0.jar .
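Review bot: The added install step pipes `install-latest.sh` from the `master` branch of fossas/fossa-cli straight into `bash`, so every build runs whatever that branch serves at that moment, unpinned and unverified, in a stage where `FOSSA_API_KEY` and the `BROWSER_*` values are set as `ENV`. Fetch a reviewed revision to a file and fail closed, e.g. `curl -fsSL https://raw.githubusercontent.com/fossas/fossa-cli/<PINNED_COMMIT_SHA>/install-latest.sh -o /tmp/install-fossa.sh`, check it against a recorded SHA-256, then run `bash /tmp/install-fossa.sh`. Without `-f`, an HTTP error body is handed to `bash` as if it were the script. Pinning the script may still pull the newest CLI release, so installing a fixed CLI version with a verified checksum is the stronger form. The build stage begins above this hunk, so what else it has in scope is not visible here.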