Build and Scan Dependencies #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Build and Scan Dependencies' | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
[main] | |
paths-ignore: | |
- .github/** | |
permissions: | |
id-token: write | |
jobs: | |
build-and-scan-dependencies: | |
runs-on: ubuntu-latest | |
env: | |
OIDC_PROVIDER_NAME: ${{ vars.JF_OIDC_PROVIDER_NAME }} | |
JF_BASE_URL: ${{ vars.JF_BASE_URL }} | |
JF_INSTANCE_NAME: ${{ vars.JF_INSTANCE_NAME }} | |
JF_PROJECT_KEY: ${{ vars.JF_PROJECT_KEY }} | |
MVNC_REPO_RESOLVE_SNAPSHOTS: ${{ vars.JF_VIRTUAL_REPO }} | |
MVNC_REPO_RESOLVE_RELEASES: ${{ vars.JF_VIRTUAL_REPO }} | |
MVNC_REPO_DEPLOY_SNAPSHOTS: ${{ vars.JF_VIRTUAL_REPO }} | |
MVNC_REPO_DEPLOY_RELEASES: ${{ vars.JF_VIRTUAL_REPO }} | |
JFROG_BUILD_STATUS: PASS | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup JFrog CLI | |
uses: jfrog/setup-jfrog-cli@v4 | |
id: setup-jfrog-cli | |
env: | |
JF_URL: ${{ vars.JF_BASE_URL }} | |
JF_PROJECT: ${{ vars.JF_PROJECT_KEY }} | |
with: | |
oidc-provider-name: ${{ vars.JF_OIDC_PROVIDER_NAME }} | |
oidc-audience: jfrog-github | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Capture Abbreviated Git Commit SHA | |
id: capture_abbreviated_git_commit_sha | |
run: | | |
echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
# This has to get done to tell the JFrog CLI where to find Maven | |
MVN_PATH=`which mvn` && export M2_HOME=`readlink -f $MVN_PATH | xargs dirname | xargs dirname` | |
# Configure the project | |
jf mvn-config \ | |
--repo-resolve-releases $MVNC_REPO_RESOLVE_RELEASES \ | |
--repo-resolve-snapshots $MVNC_REPO_RESOLVE_SNAPSHOTS \ | |
--repo-deploy-releases $MVNC_REPO_DEPLOY_RELEASES \ | |
--repo-deploy-snapshots $MVNC_REPO_DEPLOY_SNAPSHOTS | |
# Build the project using JFrog CLI | |
jf mvn \ | |
--build-name=${{ github.repository }} \ | |
--build-number=${{ github.run_number }} | |
clean \ | |
install \ | |
-Drevision=${{ env.GIT_COMMIT_SHA }} \ | |
-DskipTests=true | |
- name: Audit Dependencies | |
run: | | |
jf audit --mvn | |
- name: Failure check | |
run: | | |
echo "JFROG_BUILD_STATUS=FAIL" >> $GITHUB_ENV | |
if: failure() | |
- name: Publish build | |
run: | | |
# Collect and store environment variables in the build-info | |
jf rt build-collect-env ${{ github.repository }} ${{ github.run_number }} | |
# Collect and store VCS details in the build-info | |
jf rt build-add-git ${{ github.repository }} ${{ github.run_number }} | |
# Publish the build-info to Artifactory | |
jf rt build-publish --project ${{ vars.JF_PROJECT }} ${{ github.repository }} ${{ github.run_number }} | |
if: always() | |
- name: Set GITHUB_SHA on Artifacts | |
run: | | |
jf rt set-props --build ${{ github.repository }}/${{ github.run_number }} git_sha=${{ github.sha }} |