-
Notifications
You must be signed in to change notification settings - Fork 2
94 lines (80 loc) · 3.14 KB
/
build-and-scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: 'Build and Scan Dependencies'
on:
workflow_dispatch:
push:
branches:
[main]
paths-ignore:
- .github/**
permissions:
id-token: write
jobs:
build-and-scan-dependencies:
runs-on: ubuntu-latest
env:
OIDC_PROVIDER_NAME: ${{ vars.JF_OIDC_PROVIDER_NAME }}
JF_BASE_URL: ${{ vars.JF_BASE_URL }}
JF_INSTANCE_NAME: ${{ vars.JF_INSTANCE_NAME }}
JF_PROJECT_KEY: ${{ vars.JF_PROJECT_KEY }}
MVNC_REPO_RESOLVE_SNAPSHOTS: ${{ vars.JF_VIRTUAL_REPO }}
MVNC_REPO_RESOLVE_RELEASES: ${{ vars.JF_VIRTUAL_REPO }}
MVNC_REPO_DEPLOY_SNAPSHOTS: ${{ vars.JF_VIRTUAL_REPO }}
MVNC_REPO_DEPLOY_RELEASES: ${{ vars.JF_VIRTUAL_REPO }}
JFROG_BUILD_STATUS: PASS
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
id: setup-jfrog-cli
env:
JF_URL: ${{ vars.JF_BASE_URL }}
JF_PROJECT: ${{ vars.JF_PROJECT_KEY }}
with:
oidc-provider-name: ${{ vars.JF_OIDC_PROVIDER_NAME }}
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Capture Abbreviated Git Commit SHA
id: capture_abbreviated_git_commit_sha
run: |
echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build
run: |
# This has to get done to tell the JFrog CLI where to find Maven
MVN_PATH=`which mvn` && export M2_HOME=`readlink -f $MVN_PATH | xargs dirname | xargs dirname`
# Configure the project
jf mvn-config \
--server-id-resolve $JF_INSTANCE_NAME \
--repo-resolve-releases $MVNC_REPO_RESOLVE_RELEASES \
--repo-resolve-snapshots $MVNC_REPO_RESOLVE_SNAPSHOTS \
--repo-deploy-releases $MVNC_REPO_DEPLOY_RELEASES \
--repo-deploy-snapshots $MVNC_REPO_DEPLOY_SNAPSHOTS
# Build the project using JFrog CLI
jf mvn clean install \
-Drevision=${{ env.GIT_COMMIT_SHA }} \
-DskipTests=true
--project ${{ vars.JF_PROJECT }} \
--build-name=${{ github.repository }} \
--build-number=${{ github.run_number }}
- name: Audit Dependencies
run: |
jf audit --mvn
- name: Failure check
run: |
echo "JFROG_BUILD_STATUS=FAIL" >> $GITHUB_ENV
if: failure()
- name: Publish build
run: |
# Collect and store environment variables in the build-info
jf rt build-collect-env ${{ github.repository }} ${{ github.run_number }}
# Collect and store VCS details in the build-info
jf rt build-add-git ${{ github.repository }} ${{ github.run_number }}
# Publish the build-info to Artifactory
jf rt build-publish --project ${{ vars.JF_PROJECT }} ${{ github.repository }} ${{ github.run_number }}
if: always()
- name: Set GITHUB_SHA on Artifacts
run: |
jf rt set-props --build ${{ github.repository }}/${{ github.run_number }} git_sha=${{ github.sha }}