refactor: Update inline script declarations in Astro components #1209
Workflow file for this run
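# Workflow header: triggers, shared environment, default token scopes and
# run de-duplication. Indentation is restored and the table residue from the
# rendered page is dropped.
# NOTE: emoji in `name` values are mis-decoded in this copy of the file; the
# strings are kept exactly as shown rather than guessed.
name: Commit Stage ๐ค

on:
  push:
    branches: ['feature/*', develop]
  # `pull_request` (not `pull_request_target`): runs from forks get a
  # read-only GITHUB_TOKEN and no repository secrets.
  pull_request:
    branches: [main, develop]

# Workflow-level env is visible to every step of every job, including the
# third-party actions used in the jobs (Trivy, Codecov, upload-sarif).
# NOTE(review): CI_GITHUB_TOKEN and NVD_API_KEY are therefore exposed more
# widely than the steps that consume them. Consider moving them to job- or
# step-level `env`; first confirm whether the local composite actions read
# them from the environment.
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  VERSION: ${{ github.sha }}
  CI: CI
  NATIVE_IMAGE_ENABLED: enabled
  CI_GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
  NVD_API_KEY: ${{ secrets.NVD_API_KEY }}

# Default GITHUB_TOKEN scopes. A job that declares its own `permissions`
# replaces this set entirely, so in this file only `validation` inherits it.
# NOTE(review): five write scopes is broad for a default. Check which of them
# the `validation` job needs and grant the rest per job.
permissions:
  # required for all workflows
  security-events: write
  packages: write
  contents: write
  issues: write
  pull-requests: write

# One active run per workflow and ref; a newer push cancels the older run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true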
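# Jobs: validation -> (build, static-analysis-security); build -> packaging.
# NOTE(review): every external action below is referenced by a mutable tag
# (`@v3`, `@v4`). Pinning each `uses:` to a full commit SHA prevents a moved
# tag from changing what runs with this workflow's token and secrets.
jobs:
  # Inherits the workflow-level `permissions` (no job-level block here).
  validation:
    name: Validation ๐
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0
      # Local composite action, resolved from the checked-out ref. On a pull
      # request this is the PR's own version of the action.
      - name: Check Project Integrity
        uses: ./.github/actions/analysis/check

  build:
    name: Build and Test ๐งช
    needs: [validation]
    runs-on: ubuntu-latest
    # Job-level scopes replace the workflow defaults for this job.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      # Fallback when the CI_GITHUB_TOKEN secret is unset: reuse the job's
      # GITHUB_TOKEN. Writing to GITHUB_ENV exposes the value to every later
      # step of this job, third-party actions included.
      # NOTE(review): only this job has the fallback. The packaging jobs read
      # `env.CI_GITHUB_TOKEN` directly and get an empty value if it is unset.
      - name: ๐ CI_GITHUB_TOKEN
        if: env.CI_GITHUB_TOKEN == ''
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "CI_GITHUB_TOKEN=${GITHUB_TOKEN}" >> "$GITHUB_ENV"
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Install Java Tools & Dependencies
        uses: ./.github/actions/install/java
        with:
          java-version: '21'
          # NOTE(review): spelled `gradle-encription-key` here but
          # `gradle-encryption-key` in the other jobs. Verify against the
          # action's declared inputs; an unknown input name is not passed on.
          gradle-encription-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
          # NOTE(review): `--scan` publishes a Gradle build scan. Confirm where
          # it is published and that no secret values are captured in it.
          gradle-arguments: build koverXmlReport --scan --no-daemon --stacktrace
          github_token: ${{ env.CI_GITHUB_TOKEN }}
      # Filesystem scan of the checked-out tree, reported as SARIF.
      # NOTE: the version in the ref below was replaced by the page's e-mail
      # obfuscation; restore the real `trivy-action@<version>` ref from the
      # repository before using this file.
      # NOTE(review): only CRITICAL findings with a fix available are
      # requested, and no `exit-code` is set, so this step reports findings
      # without failing the build. For SARIF output also check
      # `limit-severities-for-sarif` for the pinned version.
      - name: Source code vulnerability scanning
        uses: aquasecurity/[email protected]
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL'
      # Requires `security-events: write`, granted above.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
          category: source-code
      - name: ๐ Upload coverage reports
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: build/reports/kover/report.xml
          fail_ci_if_error: true  # optional (default = false)
          verbose: true  # optional (default = false)

  static-analysis-security:
    name: ๐ฎ Static analysis and ๐Security Checks
    needs: [validation]
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: ๐ Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Static Analysis Security
        uses: ./.github/actions/analysis/security
        with:
          gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

  package-backend:
    name: Package and Publish ๐ฆ
    needs: [build]
    runs-on: ubuntu-latest
    # NOTE(review): `write-all` grants every GITHUB_TOKEN scope to a job that
    # runs with `deliver: false`. Replace it with the specific scopes the
    # docker action needs once those are confirmed.
    permissions: write-all
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
      # Reads the project version from gradle.properties. `-m 1` keeps a
      # single matching line so a second "version =" line cannot add extra
      # lines to GITHUB_OUTPUT.
      - id: get_version
        run: |
          version="$(grep -m 1 'version =' gradle.properties | cut -d'=' -f2 | sed 's/^ *//;s/ *$//')"
          echo "version=${version}" >> "$GITHUB_OUTPUT"
      - name: Build and Push Docker images for the backend application
        uses: ./.github/actions/docker/backend
        with:
          deliver: false
          docker_username: ${{ secrets.DOCKER_USERNAME }}
          docker_password: ${{ secrets.DOCKER_PASSWORD }}
          version: ${{ steps.get_version.outputs.version }}
          ci_github_token: ${{ env.CI_GITHUB_TOKEN }}
          gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

  package-frontend:
    name: Package and Publish ๐ฆ (Frontend application)
    needs: [build]
    runs-on: ubuntu-latest
    # NOTE(review): same over-broad `write-all` grant as package-backend.
    permissions: write-all
    strategy:
      matrix:
        target: [lyra-app, lyra-landing-page]
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
      # Same version lookup as package-backend; first match only.
      - id: get_version
        run: |
          version="$(grep -m 1 'version =' gradle.properties | cut -d'=' -f2 | sed 's/^ *//;s/ *$//')"
          echo "version=${version}" >> "$GITHUB_OUTPUT"
      - name: ๐๏ธ Build and Push Docker images for the frontend application ${{ matrix.target }}
        uses: ./.github/actions/docker/frontend
        with:
          deliver: false
          docker_username: ${{ secrets.DOCKER_USERNAME }}
          docker_password: ${{ secrets.DOCKER_PASSWORD }}
          version: ${{ steps.get_version.outputs.version }}
          ci_github_token: ${{ env.CI_GITHUB_TOKEN }}
          target: ${{ matrix.target }}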