Update push-trigger.yml #314
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Maven Package upon a push | |
| on: | |
| release: | |
| types: [published] | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| workflow_dispatch: | |
| inputs: | |
| message: | |
| description: 'Message for manually triggering' | |
| required: false | |
| default: 'Triggered for Updates' | |
| type: string | |
| push: | |
| branches: | |
| - '!releas-branch' | |
| - release* | |
| - master | |
| - 1.* | |
| - develop | |
| - MOSIP* | |
| jobs: | |
| build-maven-pre-registration: | |
| uses: mosip/kattu/.github/workflows/maven-build.yml@master | |
| with: | |
| SERVICE_LOCATION: ./pre-registration | |
| BUILD_ARTIFACT: pre-registration | |
| secrets: | |
| OSSRH_USER: ${{ secrets.OSSRH_USER }} | |
| OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }} | |
| OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
| GPG_SECRET: ${{ secrets.GPG_SECRET }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| publish_to_nexus: | |
| if: "${{ !contains(github.ref, 'master') && github.event_name != 'pull_request' && github.event_name != 'release' && github.event_name != 'prerelease' && github.event_name != 'publish' }}" | |
| needs: build-maven-pre-registration | |
| uses: mosip/kattu/.github/workflows/maven-publish-to-nexus.yml@master | |
| with: | |
| SERVICE_LOCATION: ./pre-registration | |
| secrets: | |
| OSSRH_USER: ${{ secrets.OSSRH_USER }} | |
| OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }} | |
| OSSRH_URL: ${{ secrets.RELEASE_URL }} | |
| OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
| GPG_SECRET: ${{ secrets.GPG_SECRET }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| build-dockers: | |
| needs: build-maven-pre-registration | |
| strategy: | |
| matrix: | |
| include: | |
| - SERVICE_LOCATION: 'pre-registration/pre-registration-application-service' | |
| SERVICE_NAME: 'pre-registration-application-service' | |
| BUILD_ARTIFACT: 'pre-registration' | |
| - SERVICE_LOCATION: 'pre-registration/pre-registration-batchjob' | |
| SERVICE_NAME: 'pre-registration-batchjob' | |
| BUILD_ARTIFACT: 'pre-registration' | |
| - SERVICE_LOCATION: 'pre-registration/pre-registration-datasync-service' | |
| SERVICE_NAME: 'pre-registration-datasync-service' | |
| BUILD_ARTIFACT: 'pre-registration' | |
| - SERVICE_LOCATION: 'pre-registration/pre-registration-captcha-service' | |
| SERVICE_NAME: 'pre-registration-captcha-service' | |
| BUILD_ARTIFACT: 'pre-registration' | |
| fail-fast: false | |
| name: ${{ matrix.SERVICE_NAME }} | |
| uses: mosip/kattu/.github/workflows/docker-build.yml@master | |
| with: | |
| SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }} | |
| SERVICE_NAME: ${{ matrix.SERVICE_NAME }} | |
| BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }} | |
| secrets: | |
| DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }} | |
| ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }} | |
| RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| sonar_analysis: | |
| needs: build-maven-pre-registration | |
| if: "${{ github.event_name != 'pull_request' }}" | |
| uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@master | |
| with: | |
| SERVICE_LOCATION: ./pre-registration | |
| secrets: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| ORG_KEY: ${{ secrets.ORG_KEY }} | |
| OSSRH_USER: ${{ secrets.OSSRH_USER }} | |
| OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }} | |
| OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
| GPG_SECRET: ${{ secrets.GPG_SECRET }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| trivy_scan: | |
| needs: build-dockers | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - SERVICE_NAME: 'pre-registration-application-service' | |
| - SERVICE_NAME: 'pre-registration-batchjob' | |
| - SERVICE_NAME: 'pre-registration-datasync-service' | |
| - SERVICE_NAME: 'pre-registration-captcha-service' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'docker.io/your_dockerhub_namespace/${{ matrix.SERVICE_NAME }}:latest' | |
| format: 'sarif' | |
| output: 'trivy-report-${{ matrix.SERVICE_NAME }}.sarif' | |
| - name: Upload SARIF file | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: trivy-report-${{ matrix.SERVICE_NAME }} | |
| path: trivy-report-${{ matrix.SERVICE_NAME }}.sarif |