Testing containerisation Pipeline for testcontainers #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ScaleUp Application CI workflow | |
on: | |
push: | |
branches: | |
- '**' # Trigger on any branch push | |
jobs: | |
set-env: | |
name: Setup Environment | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.15.0 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Install Node.js packages | |
run: npm install | |
- name: Cache Node Modules | |
uses: actions/cache@v3 | |
with: | |
path: node_modules | |
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
package: | |
name: Package App | |
runs-on: ubuntu-latest | |
needs: set-env | |
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.pull_request.title, '[skip ci]') && !contains(github.event.pull_request.title, '[ci skip]')" | |
timeout-minutes: 10 | |
env: | |
NODE_VERSION: 20.15.0 | |
SPRING_OUTPUT_ANSI_ENABLED: DETECT | |
SPRING_JPA_SHOW_SQL: false | |
JHI_DISABLE_WEBPACK_LOGS: true | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.15.0 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Package application | |
run: npm run java:jar:prod | |
- name: Upload Build Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: packaged-application | |
path: | | |
target/*.jar | |
target/classes | |
retention-days: 1 # Retain the build artifacts for 1 day | |
# Push to Docker | |
jib-build: | |
name: containerize | |
runs-on: ubuntu-latest | |
needs: package | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
steps: | |
- name: Push to Docker registry | |
run: ./mvnw package -Pprod verify jib:build -Djib.to.image=shenanquek97/scaleup -Djib.to.auth.username=${DOCKER_USERNAME} -Djib.to.auth.password=${DOCKER_PASSWORD} | |
backend-test: | |
name: Backend Test Stage | |
runs-on: ubuntu-latest | |
needs: package | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Run backend test | |
run: | | |
chmod +x mvnw | |
npm run ci:backend:test | |
- name: Upload Backend Test Report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-test-report | |
path: target/surefire-reports/*.xml | |
retention-days: 1 | |
frontend-test: | |
name: Frontend Test Stage | |
runs-on: ubuntu-latest | |
needs: package | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.15.0 | |
- name: Install Node.js Packages | |
run: npm install | |
- name: Run frontend test | |
run: npm run ci:frontend:test | |
- name: Upload Frontend Test Report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jest-test-reports | |
path: ./target/test-results/TESTS-results-jest.xml # Adjusted to match your Jest output configuration | |
retention-days: 1 | |
sonar: | |
name: Sonar SAST Scan | |
runs-on: ubuntu-latest | |
needs: [backend-test, frontend-test] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'zulu' # Alternative distribution options are available. | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup | |
snyk: | |
name: Vulnerability Scanning with Synk | |
needs: [backend-test, frontend-test] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/maven@master | |
continue-on-error: true # To make sure that SARIF upload gets called | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --sarif-file-output=snyk.sarif | |
# - name: Upload result to GitHub Code Scanning | |
# uses: github/codeql-action/upload-sarif@v3 | |
# with: | |
# sarif_file: snyk.sarif | |
dast-scan: | |
name: DAST OWASP ZAP Scans | |
runs-on: ubuntu-latest | |
needs: [backend-test, frontend-test] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Change script permission | |
run: | | |
chmod +x script/zap-script.sh | |
- name: ZAP scan | |
run: script/zap-script.sh | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: zap report | |
path: | | |
./target/test-reports/zap_baseline_report.html | |
retention-days: 1 |