Merge pull request #91 from ADORSYS-GIS/doc/ci_cd_documentation #136

Workflow file for this run

.github/workflows/develop.yaml at b66f78d

	name: Java CI with Maven

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	jobs:

	test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	- name: Cache Maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Set up Maven settings.xml
	run: \|
	mkdir -p ~/.m2
	echo "<settings>
	<servers>
	<server>
	<id>github-webank</id>
	<username>${{ github.actor }}</username>
	<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
	</server>
	</servers>
	</settings>" > ~/.m2/settings.xml

	- name: Run Unit and Integration Tests
	run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true


	build:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: 17
	architecture: x64
	distribution: 'temurin'

	- name: Cache Maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2



	- name: Set up Maven settings.xml
	run: \|
	mkdir -p ~/.m2
	echo "<settings>
	<servers>
	<server>
	<id>github-webank</id>
	<username>${{ github.actor }}</username>
	<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
	</server>
	</servers>
	</settings>" > ~/.m2/settings.xml


	- name: Build with webank Online banking
	run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true




	pmdCheck:
	needs: build
	name: Run code analyser PMD
	runs-on: ubuntu-latest
	steps:
	- name: Clone webank online banking repository
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: 17
	architecture: x64
	distribution: 'temurin'
	- name: Cache Maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2



	- name: build project before check
	run: mvn -ntp -DskipTests -DskipITs -Dmaven.javadoc.skip=true clean install

	- name: Check pmd
	run: mvn -ntp pmd:check


	security-scan:
	name: Owasp security scan
	runs-on: ubuntu-latest
	needs: build # Ensures that the security scan runs only if the build job succeeds

	steps:
	# Step 1: Checkout code
	- name: Checkout code
	uses: actions/checkout@v4

	# Step 2: Set up Java
	- name: Set up Java 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	# Step 3: Run OWASP Dependency-Check
	- name: Run OWASP Dependency-Check
	uses: dependency-check/Dependency-Check_Action@main
	env:
	# actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
	JAVA_HOME: /opt/jdk
	with:
	project: 'webank-onlinebanking'
	path: '.'
	format: 'HTML'
	out: 'reports'
	args: >
	--failOnCVSS 5
	# Step 4: Upload the Dependency-Check report as an artifact
	- name: Upload Dependency Check report
	uses: actions/upload-artifact@v3
	with:
	name: Dependency-Check Report
	path: ${{ github.workspace }}/reports

	Sonarqube:
	name: Sonarqube
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: 'zulu' # Alternative distribution options are available.
	- name: Cache SonarQube packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Set up Maven settings.xml
	run: \|
	mkdir -p ~/.m2
	echo "<settings>
	<servers>
	<server>
	<id>github-webank</id>
	<username>${{ github.actor }}</username>
	<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
	</server>
	</servers>
	</settings>" > ~/.m2/settings.xml

	- name: Build and analyze
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
	run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=webank-online-banking -Dsonar.projectName='webank-online-banking'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #91 from ADORSYS-GIS/doc/ci_cd_documentation #136

Workflow file

Merge pull request #91 from ADORSYS-GIS/doc/ci_cd_documentation #136

Jobs

Run details

Workflow file for this run