Skip to content
.github/workflows/_meta-build.yaml

WIP 3 #2

Sign in to view logs

WIP 3

WIP 3 #2

Workflow file for this run

.github/workflows/_meta-build.yaml at 6f0cd66
on:
workflow_call:
inputs:
app-version:
type: string
required: false
default: "snapshot"
description: "the version that should be set/used as tag for the container image"
publish-container:
type: boolean
required: false
default: false
description: "publish and scan the container image once its built"
secrets:
registry-0-usr:
required: true
registry-0-psw:
required: true
jobs:
build-java:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/[email protected]
- name: Set up JDK
uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Setup CycloneDX CLI
run: |
mkdir -p "$HOME/.local/bin"
echo "$HOME/.local/bin" >> $GITHUB_PATH
wget -O "$HOME/.local/bin/cyclonedx" https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
echo "ef0d3b31d176e02bc594f83e19cfcea053c6bc5b197351f71696e189390f851d $HOME/.local/bin/cyclonedx" | sha256sum -c
chmod +x "$HOME/.local/bin/cyclonedx"
- name: Build with Maven
run: |-
mvn clean
mvn package -Dmaven.test.skip=true -P enhance -P embedded-jetty -Dservices.bom.merge.skip=false -Dlogback.configuration.file=src/main/docker/logback.xml
mvn clean -P clean-exclude-wars
mvn cyclonedx:makeBom -Dservices.bom.merge.skip=false org.codehaus.mojo:exec-maven-plugin:exec@merge-services-bom
- name: Upload Artifacts
uses: actions/[email protected]
with:
name: assembled-wars
path: |-
target/*.jar
target/bom.json
build-container:
runs-on: ubuntu-latest
needs:
- build-java
steps:
- name: Checkout Repository
uses: actions/[email protected]
- name: Download Artifacts
uses: actions/[email protected]
with:
name: assembled-wars
path: target
- name: Set up QEMU
uses: docker/[email protected]
- name: Set up Docker Buildx
uses: docker/[email protected]
id: buildx
with:
install: true
- name: Login to GitHub Container Registry
uses: docker/[email protected]
if: ${{ inputs.publish-container }}
with:
registry: ghcr.io
username: ${{ secrets.registry-0-usr }}
password: ${{ secrets.registry-0-psw }}
- name: Set Container Tags
id: tags
run: |-
TAGS="ghcr.io/dependencytrack/hyades-apiserver:${{ inputs.app-version }}"
if [[ "${{ inputs.app-version }}" != "snapshot" ]]; then
TAGS="${TAGS},ghcr.io/dependencytrack/hyades-apiserver:latest"
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
- name: Build multi-arch Container Image
uses: docker/[email protected]
with:
tags: ${{ steps.tags.outputs.tags }}
build-args: |-
APP_VERSION=${{ inputs.app-version }}
COMMIT_SHA=${{ github.sha }}
WAR_FILENAME=dependency-track-apiserver.jar
platforms: linux/amd64,linux/arm64
push: ${{ inputs.publish-container }}
context: .
file: src/main/docker/Dockerfile
- name: Run Trivy Vulnerability Scanner
if: ${{ inputs.publish-container }}
<<<<<<< HEAD

Check failure on line 112 in .github/workflows/_meta-build.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/_meta-build.yaml

Invalid workflow file 

You have an error in your yaml syntax on line 112
uses: aquasecurity/[email protected]
=======
uses: aquasecurity/[email protected]
>>>>>>> a7020826dd7b28165d5dab2b74a966ffceaf927a
with:
image-ref: ghcr.io/dependencytrack/hyades-apiserver:${{ inputs.app-version }}
format: 'sarif'
output: 'trivy-results.sarif'
ignore-unfixed: true
vuln-type: 'os'
- name: Upload Trivy Scan Results to GitHub Security Tab
if: ${{ inputs.publish-container }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'