java-workflow
This repository holds shared (reusable) workflow definitions for building Java/Kotlin projects. Our projects are built differently depending on the type of project being built:
- Service - Maven build of a service, with the resulting Docker image deployed to AWS ECR
- swag - Maven build of a Swagger library, deployed to the Apache Maven registry on GitHub Packages
To start using java-workflow in your repository, add the files `build.yml` and `deploy.yml` to the `/.github/workflows/` directory. There do not have to be exactly two workflow files; you can write your own workflow that calls the java-workflow definitions. The examples below reference the shared workflows by the `v1` tag, which GitHub resolves at run time and which can be moved; if you need the caller to always run an exact, reviewed revision, pin the `uses:` reference to a full commit SHA instead.
The repository also provides scanning tools:
- Semgrep - scans with the default ruleset
To start using the tool, add the file `semgrep-scan.yml` to the same directory.
Example of building and deploying a service:
`build.yml`
```yaml
name: Maven Build Artifact
on:
  pull_request:
    branches:
      - '*'
jobs:
  build:
    uses: empayre/java-workflow/.github/workflows/maven-service-build.yml@v1
    secrets:
      action-fetch-token: ${{ secrets.ACTIONS_FETCH_TOKEN }}
      github-pkg-ro-pat: ${{ secrets.GH_PACKAGES_RO_PAT2 }}
      github-pkg-ro-user: 'empayre-bot'
```
`deploy.yml`
```yaml
name: Maven Deploy Artifact
on:
  push:
    branches:
      - 'master'
      - 'main'
jobs:
  deploy:
    uses: empayre/java-workflow/.github/workflows/maven-service-deploy.yml@v1
    secrets:
      action-fetch-token: ${{ secrets.ACTIONS_FETCH_TOKEN }}
      mm-webhook-url: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
      github-pkg-ro-pat: ${{ secrets.GH_PACKAGES_RO_PAT2 }}
      github-pkg-ro-user: 'empayre-bot'
      aws-ecr-access_key: ${{ secrets.ECR_ACCESS_KEY }}
      aws-ecr-secret-key: ${{ secrets.ECR_SECRET_KEYS }}
      aws-region: ${{ secrets.AWS_REGION }}
```
Example of building and deploying a swag library:
`build.yml`
```yaml
name: Maven Build Artifact
on:
  pull_request:
    branches:
      - '*'
jobs:
  build:
    uses: empayre/java-workflow/.github/workflows/maven-swag-build.yml@v1
    with:
      run-script-name: patch
```
The `run-script-name: patch` input is only needed when the build is based on patches (RFC 6902); omit it otherwise.
`deploy.yml`
```yaml
name: Maven Deploy Artifact
on:
  push:
    branches:
      - 'master'
      - 'main'
jobs:
  deploy:
    uses: empayre/java-workflow/.github/workflows/maven-swag-deploy.yml@v1
    secrets:
      mm-webhook-url: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
```
Example of using the scanning tool:
`semgrep-scan.yml`
```yaml
name: Run Semgrep
on:
  pull_request:
    branches:
      - '*'
jobs:
  scan:
    uses: empayre/java-workflow/.github/workflows/semgrep-scan.yml@v1
    secrets:
      mm-sa-wh-url: ${{ secrets.MATTERMOST_SA_WH_URL }}
```
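A check worth running over the caller workflows above: every `uses:` line references the shared workflows through the `v1` tag, and a tag can be moved to a different commit without any change in the calling repository. The script below is an added example, not part of java-workflow, that scans caller workflow text for `uses:` references not pinned to a full 40-character commit SHA and for jobs that forward every repository secret with `secrets: inherit`. The sample workflow text and the placeholder SHA are constructed for the example and do not correspond to a real java-workflow commit.

```python
# Added example (not part of java-workflow): audit caller workflow files for
# `uses:` references that are not pinned to a full 40-hex commit SHA, and for
# `secrets: inherit`. Stdlib only; the text is scanned line by line rather than
# with a YAML parser, since `uses:` is always a single scalar line in Actions.
import re
from typing import List, NamedTuple

# `uses: owner/repo/path@ref` for reusable workflows and actions. Local references
# such as `uses: ./.github/actions/x` carry no `@ref` and are skipped on purpose.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
SECRETS_INHERIT_RE = re.compile(r'^\s*secrets:\s*inherit\s*$')


class UsesRef(NamedTuple):
    line_no: int
    target: str   # e.g. empayre/java-workflow/.github/workflows/maven-service-build.yml
    ref: str      # e.g. v1, or a commit SHA
    pinned: bool  # True only for a full-length commit SHA


def find_uses(workflow_text: str) -> List[UsesRef]:
    """Return every `uses:` reference in the workflow, in file order."""
    refs = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            target, ref = m.group(1), m.group(2)
            refs.append(UsesRef(line_no, target, ref, bool(FULL_SHA_RE.match(ref))))
    return refs


def unpinned_refs(workflow_text: str) -> List[UsesRef]:
    """References that resolve through a mutable tag or branch name."""
    return [r for r in find_uses(workflow_text) if not r.pinned]


def inherits_all_secrets(workflow_text: str) -> bool:
    """True if any job forwards every repository secret with `secrets: inherit`."""
    return any(SECRETS_INHERIT_RE.match(line) for line in workflow_text.splitlines())


def report(name: str, workflow_text: str) -> List[str]:
    """Human-readable findings for one caller workflow (empty list means clean)."""
    findings = []
    for r in unpinned_refs(workflow_text):
        findings.append(f"{name}:{r.line_no}: {r.target} uses mutable ref '{r.ref}', pin to a commit SHA")
    if inherits_all_secrets(workflow_text):
        findings.append(f"{name}: job uses 'secrets: inherit'; pass only the secrets the shared workflow needs")
    return findings


# Constructed samples. The first is based on the service build.yml above but with
# `secrets: inherit` substituted so that check is exercised; the second is the same
# caller pinned to a made-up SHA (a placeholder, not a real java-workflow commit).
BUILD_TAGGED = """\
name: Maven Build Artifact
on:
  pull_request:
    branches:
      - '*'
jobs:
  build:
    uses: empayre/java-workflow/.github/workflows/maven-service-build.yml@v1
    secrets: inherit
"""

PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
BUILD_PINNED = BUILD_TAGGED.replace("@v1", "@" + PLACEHOLDER_SHA).replace(
    "secrets: inherit",
    "secrets:\n      action-fetch-token: ${{ secrets.ACTIONS_FETCH_TOKEN }}",
)

if __name__ == "__main__":
    for name, text in (("build.yml (tagged)", BUILD_TAGGED), ("build.yml (pinned)", BUILD_PINNED)):
        for line in report(name, text) or [f"{name}: ok"]:
            print(line)
```

Run it against the real files under `.github/workflows/` by reading each one and passing its text to `report()`; a tag such as `v1` is still convenient for day-to-day use, so the usual trade-off is to pin to the SHA and record the tag name in a trailing comment on the same line.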