chore: #XXX fix high findings #436

Workflow file for this run

.github/workflows/pull-request_backend.yml at 1ed3f28

	# Copyright (c) 2023 Contributors to the Eclipse Foundation
	#
	# See the NOTICE file(s) distributed with this work for additional
	# information regarding copyright ownership.
	#
	# This program and the accompanying materials are made available under the
	# terms of the Apache License, Version 2.0 which is available at
	# https://www.apache.org/licenses/LICENSE-2.0.
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.
	#
	# SPDX-License-Identifier: Apache-2.0

	name: "[BE][BUILT][DEPLOYMENT] Pull request"

	on:
	workflow_dispatch: # Trigger manually
	pull_request:

	env:
	GHCR_REGISTRY: ghcr.io
	JAVA_VERSION: 17
	DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
	BACKEND_IMAGE_DOCKER_HUB: traceability-foss

	jobs:
	Check-Pom-for-snapshot-versions:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Check pom for -SNAPSHOT
	id: pom-version
	run: \|
	snapshot_count_root_pom=$(sed -n '/<properties>/,/properties>/p' pom.xml \| grep -o '\-SNAPSHOT' \| wc -l)
	if (( $snapshot_count_root_pom > 1 )); then
	echo "pom_changed=true" >> $GITHUB_OUTPUT
	else
	echo "pom_changed=false" >> $GITHUB_OUTPUT
	fi

	- name: Create Review Comment
	uses: ntsd/auto-request-changes-action@v3
	if: steps.pom-version.outputs.pom_changed == 'true'
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	review-message: "Please remove -SNAPSHOT from property versions. You can find them in pom.xml(tx-root)."

	- name: Print environment variables
	id: print-env-vars
	run: \|
	echo ${{steps.pom-version.outputs.pom_changed}}


	Test-and-Sonar:
	permissions:
	checks: write
	pull-requests: write
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	java-version: '${{ env.JAVA_VERSION }}'
	distribution: 'temurin'
	cache: 'maven'

	- name: Run unit & integration tests
	run: mvn -pl tx-models,tx-backend,tx-coverage -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B verify

	- name: Publish integration test results
	uses: EnricoMi/publish-unit-test-result-action@v2
	if: always()
	with:
	files: "${{ github.workspace }}/tx-backend/target/failsafe-reports/TEST-*.xml"
	check_name: "Integration Test Results"

	- name: Publish unit test results
	uses: EnricoMi/publish-unit-test-result-action@v2
	if: always()
	with:
	files: "*/surefire-reports/TEST-.xml"
	check_name: "Unit Test Results"

	- name: Clean working directories
	run: \|
	rm -rf .scannerwork
	rm -rf .sonar

	- name: Cache SonarCloud packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Verify Sonar Scan
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}
	SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }}
	SONAR_PROJECT_KEY: ${{ vars.SONAR_PROJECT_KEY_BACKEND }}
	run: mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --batch-mode sonar:sonar -Dsonar.coverage.jacoco.xmlReportPaths=${{ github.workspace }}/tx-coverage/target/site/jacoco-aggregate/jacoco.xml -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY_BACKEND }} -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }}

	Publish-docker-image:
	# needs: [ "Test-and-Sonar" ]
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: tx-backend
	permissions:
	contents: read
	packages: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- uses: actions/setup-java@v4
	with:
	java-version: '${{ env.JAVA_VERSION }}'
	distribution: 'temurin'
	cache: 'maven'

	- name: Login to GHCR Registry
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER == ''
	uses: docker/login-action@v3
	with:
	registry: ${{ env.GHCR_REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build & Push docker image for GHCR ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.event.pull_request.head.sha }}
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER == ''
	uses: docker/build-push-action@v6
	with:
	context: .
	push: true
	tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.event.pull_request.head.sha }}

	- name: Login to Docker Hub
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER != ''
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Build & push docker image for Docker Hub ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.BACKEND_IMAGE_DOCKER_HUB }}:${{ github.event.pull_request.head.sha }}
	env:
	DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
	if: env.DOCKER_HUB_USER != ''
	uses: docker/build-push-action@v6
	with:
	context: .
	push: true
	tags: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.BACKEND_IMAGE_DOCKER_HUB }}:${{ github.event.pull_request.head.sha }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: #XXX fix high findings #436

Workflow file

chore: #XXX fix high findings #436

Jobs

Run details

Workflow file for this run