From 6895e9fa0c39c8e166d7984174021e1eb155ada2 Mon Sep 17 00:00:00 2001 From: Abhishek Tripathi <42455093+abhishektripathi66@users.noreply.github.com> Date: Tue, 22 Oct 2024 08:58:52 +0000 Subject: [PATCH] updating the workflow --- .github/labeler.yml | 1 - .github/workflows/azure-webapps-java-jar.yml | 80 -------- .github/workflows/codescan.yml | 49 ----- .github/workflows/maven-publish.yml | 44 ---- .github/workflows/maven.yml | 26 --- .github/workflows/openshift.yml | 202 ------------------- 6 files changed, 402 deletions(-) delete mode 100644 .github/labeler.yml delete mode 100644 .github/workflows/azure-webapps-java-jar.yml delete mode 100644 .github/workflows/codescan.yml delete mode 100644 .github/workflows/maven-publish.yml delete mode 100644 .github/workflows/maven.yml delete mode 100644 .github/workflows/openshift.yml diff --git a/.github/labeler.yml b/.github/labeler.yml deleted file mode 100644 index 2e8ddc6..0000000 --- a/.github/labeler.yml +++ /dev/null @@ -1 +0,0 @@ -api: api/* \ No newline at end of file diff --git a/.github/workflows/azure-webapps-java-jar.yml b/.github/workflows/azure-webapps-java-jar.yml deleted file mode 100644 index 66e8c43..0000000 --- a/.github/workflows/azure-webapps-java-jar.yml +++ /dev/null @@ -1,80 +0,0 @@ -# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch. -# -# This workflow assumes you have already created the target Azure App Service web app. -# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux -# -# To configure this workflow: -# -# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal. -# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials -# -# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret. -# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret -# -# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below. -# -# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions -# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy -# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples - -name: Build and deploy JAR app to Azure Web App - -env: - AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App - JAVA_VERSION: '11' # set this to the Java version to use - DISTRIBUTION: zulu # set this to the Java distribution - -on: - push: - branches: - - "master" - workflow_dispatch: - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Set up Java version - uses: actions/setup-java@v3.0.0 - with: - java-version: ${{ env.JAVA_VERSION }} - distribution: ${{ env.DISTRIBUTION }} - cache: 'maven' - - - name: Build with Maven - run: mvn clean install - - - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 - with: - name: java-app - path: '${{ github.workspace }}/target/*.jar' - - deploy: - permissions: - contents: none - runs-on: ubuntu-latest - needs: build - environment: - name: 'Development' - url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} - - steps: - - name: Download artifact from build job - uses: actions/download-artifact@v3 - with: - name: java-app - - - name: Deploy to Azure Web App - id: deploy-to-webapp - uses: azure/webapps-deploy@v2 - with: - app-name: ${{ env.AZURE_WEBAPP_NAME }} - publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} - package: '*.jar' diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml deleted file mode 100644 index 3c4ed17..0000000 --- a/.github/workflows/codescan.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow requires that you have an existing account with codescan.io -# For more information about configuring your workflow, -# read our documentation at https://github.com/codescan-io/codescan-scanner-action -name: CodeScan - -on: - push: - branches: [ "master", "*" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "master" ] - schedule: - - cron: '29 5 * * 3' - -permissions: - contents: read - -jobs: - CodeScan: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Cache files - uses: actions/cache@v3 - with: - path: | - ~/.sonar - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Run Analysis - uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12 - with: - login: ${{ secrets.CODESCAN_AUTH_TOKEN }} - organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} - projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: codescan.sarif diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml deleted file mode 100644 index 9f55e57..0000000 --- a/.github/workflows/maven-publish.yml +++ /dev/null @@ -1,44 +0,0 @@ -# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created -# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path - -name: Maven Package - -on: - release: - types: [created] - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 11 - uses: actions/setup-java@v3 - with: - java-version: '11' - distribution: 'temurin' - server-id: github # Value of the distributionManagement/repository/id field of the pom.xml - settings-path: ${{ github.workspace }} # location for the settings.xml file - - - name: Build with Maven - run: mvn -B package --file pom.xml - - - name: Publish to GitHub Packages Apache Maven - run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: SonarCloud Scan - # You may pin to the exact commit or the version. - # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 - uses: SonarSource/sonarcloud-github-action@v1.6 - with: - # Additional arguments to the sonarcloud scanner - args: # optional - # Set the sonar.projectBaseDir analysis property - projectBaseDir: # optional, default is . diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml deleted file mode 100644 index 825103e..0000000 --- a/.github/workflows/maven.yml +++ /dev/null @@ -1,26 +0,0 @@ -# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Java CI with Maven - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 11 - uses: actions/setup-java@v3 - with: - java-version: '11' - distribution: 'temurin' - cache: maven - - name: Build with Maven - run: mvn -B package --file pom.xml diff --git a/.github/workflows/openshift.yml b/.github/workflows/openshift.yml deleted file mode 100644 index 579bdfb..0000000 --- a/.github/workflows/openshift.yml +++ /dev/null @@ -1,202 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# 💁 The OpenShift Starter workflow will: -# - Checkout your repository -# - Perform a container image build -# - Push the built image to the GitHub Container Registry (GHCR) -# - Log in to your OpenShift cluster -# - Create an OpenShift app from the image and expose it to the internet - -# ℹī¸ Configure your repository and the workflow with the following steps: -# 1. Have access to an OpenShift cluster. Refer to https://www.openshift.com/try -# 2. Create the OPENSHIFT_SERVER and OPENSHIFT_TOKEN repository secrets. Refer to: -# - https://github.com/redhat-actions/oc-login#readme -# - https://docs.github.com/en/actions/reference/encrypted-secrets -# - https://cli.github.com/manual/gh_secret_set -# 3. (Optional) Edit the top-level 'env' section as marked with '🖊ī¸' if the defaults are not suitable for your project. -# 4. (Optional) Edit the build-image step to build your project. -# The default build type is by using a Dockerfile at the root of the repository, -# but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build. -# 5. Commit and push the workflow file to your default branch to trigger a workflow run. - -# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback. - -name: OpenShift - -env: - # 🖊ī¸ EDIT your repository secrets to log into your OpenShift cluster and set up the context. - # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. - # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} - OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊ī¸ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: "" - - # 🖊ī¸ EDIT to set a name for your OpenShift app, or a default one will be generated below. - APP_NAME: "" - - # 🖊ī¸ EDIT with the port your application should be accessible on. - # If the container image exposes *exactly one* port, this can be left blank. - # Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app - APP_PORT: "" - - # 🖊ī¸ EDIT to change the image registry settings. - # Registries such as GHCR, Quay.io, and Docker Hub are supported. - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - IMAGE_REGISTRY_USER: ${{ github.actor }} - IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - - # 🖊ī¸ EDIT to specify custom tags for the container image, or default tags will be generated below. - IMAGE_TAGS: "" - -on: - # https://docs.github.com/en/actions/reference/events-that-trigger-workflows - workflow_dispatch: - push: - # Edit to the branch(es) you want to build and deploy on each push. - branches: [ "master" ] - -jobs: - # 🖊ī¸ EDIT if you want to run vulnerability check on your project before deploying - # the application. Please uncomment the below CRDA scan job and configure to run it in - # your workflow. For details about CRDA action visit https://github.com/redhat-actions/crda/blob/main/README.md - # - # TODO: Make sure to add 'CRDA Scan' starter workflow from the 'Actions' tab. - # For guide on adding new starter workflow visit https://docs.github.com/en/github-ae@latest/actions/using-workflows/using-starter-workflows - - crda-scan: - uses: ./.github/workflows/crda.yml - secrets: - CRDA_KEY: ${{ secrets.CRDA_KEY }} - # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Either use SNYK_TOKEN or CRDA_KEY - - openshift-ci-cd: - # 🖊ī¸ Uncomment this if you are using CRDA scan step above - # needs: crda-scan - name: Build and deploy to OpenShift - runs-on: ubuntu-20.04 - environment: production - - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - - steps: - - name: Check for required secrets - uses: actions/github-script@v6 - with: - script: | - const secrets = { - OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, - OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, - }; - - const GHCR = "ghcr.io"; - if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { - core.info(`Image registry is ${GHCR} - no registry password required`); - } - else { - core.info("A registry password is required"); - secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; - } - - const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { - if (value.length === 0) { - core.error(`Secret "${name}" is not set`); - return true; - } - core.info(`✔ī¸ Secret "${name}" is set`); - return false; - }); - - if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + - "You can add it using:\n" + - "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + - "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + - "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); - } - else { - core.info(`✅ All the required secrets are set`); - } - - - name: Check out repository - uses: actions/checkout@v3 - - - name: Determine app name - if: env.APP_NAME == '' - run: | - echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV - - - name: Determine image tags - if: env.IMAGE_TAGS == '' - run: | - echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV - - # https://github.com/redhat-actions/buildah-build#readme - - name: Build from Dockerfile - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.APP_NAME }} - tags: ${{ env.IMAGE_TAGS }} - - # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs - # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build - # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root. - dockerfiles: | - ./Dockerfile - - # https://github.com/redhat-actions/push-to-registry#readme - - name: Push to registry - id: push-image - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.IMAGE_REGISTRY }} - username: ${{ env.IMAGE_REGISTRY_USER }} - password: ${{ env.IMAGE_REGISTRY_PASSWORD }} - - # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }} - - - name: Install oc - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: 4 - - # https://github.com/redhat-actions/oc-login#readme - - name: Log in to OpenShift - uses: redhat-actions/oc-login@v1 - with: - openshift_server_url: ${{ env.OPENSHIFT_SERVER }} - openshift_token: ${{ env.OPENSHIFT_TOKEN }} - insecure_skip_tls_verify: true - namespace: ${{ env.OPENSHIFT_NAMESPACE }} - - # This step should create a deployment, service, and route to run your app and expose it to the internet. - # https://github.com/redhat-actions/oc-new-app#readme - - name: Create and expose app - id: deploy-and-expose - uses: redhat-actions/oc-new-app@v1 - with: - app_name: ${{ env.APP_NAME }} - image: ${{ steps.push-image.outputs.registry-path }} - namespace: ${{ env.OPENSHIFT_NAMESPACE }} - port: ${{ env.APP_PORT }} - - - name: Print application URL - env: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - run: | - [[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1) - echo - echo "======================== Your application is available at: ========================" - echo ${{ env.ROUTE }} - echo "===================================================================================" - echo - echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""