seb-server/.github/workflows/buildReporting.yml

# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: build

on:
  push:
    branches:
      - '**'
    tags:
      - '**'
  pull_request:
    branches: [master, development]

jobs:
  maven-build-reporting:
    runs-on: ubuntu-latest
    steps:
    - name: Get short SHA
      uses: benjlevesque/short-sha@v3.0
      id: short-sha
    - name: Store short SHA as environment variable
      run: echo $SHA
      env:
        SHA: ${{ steps.short-sha.outputs.sha }}
    - name: Set env
      run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
    - name: Test tag name
      run: |
        echo $TAG_NAME
        echo ${{ env.TAG_NAME }}
    -
      name: Checkout repository
      uses: actions/checkout@v4
    -
      name: Build Test Reporting
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'adopt'
    -
      name: Cache Maven packages
      uses: actions/cache@v4
      with:
        path: ~/.m2
        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
        restore-keys: ${{ runner.os }}-m2
    -
      name: Build with Maven
      run: mvn clean install -e -P let_reporting -Dsebserver-version="${{ env.TAG_NAME }}-${{ env.SHA }}"
      env:
        sebserver-version: ${{ env.TAG_NAME }}-${{ env.SHA }}

    - name: Simplify package name
      run: mv target/seb-server-${{ env.TAG_NAME }}-${{ env.SHA }}.jar target/seb-server.jar
    - uses: actions/upload-artifact@v4
      with:
        name: Package
        path: target/seb-server.jar

  docker-build:
    needs: maven-build-reporting
    # Run only on tagging
    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write
      
    steps:
    -
      name: Set env
      run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
    -
      name: Test
      run: |
        echo $TAG_NAME
        echo ${{ env.TAG_NAME }}
    -
      name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    -
      name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3.2.0
    -
      name: Login to DockerHub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    -
      name: Checkout repository
      uses: actions/checkout@v4
      
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
    -
      name: Install cosign
      if: github.event_name != 'pull_request'
      uses: sigstore/cosign-installer@main
    -
      name: Download a single artifact
      uses: actions/download-artifact@v4
      with:
          name: Package
    -
      name: Extract metadata (tags, labels) for Docker
      id: meta
      uses: docker/metadata-action@v4
      with:
         images: anhefti/seb-server
         tags: |
           type=raw,${{ env.TAG_NAME }}
    -
      name: Build and push
      id: docker_build
      uses: docker/build-push-action@v4
      with:
        context: .
        file: ./docker/Dockerfile
        push: true
        tags: |
          anhefti/seb-server:${{ env.TAG_NAME }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
    - name: Sign the published Docker image
      if: ${{ github.event_name != 'pull_request' }}
      # This step uses the identity token to provision an ephemeral certificate
      # against the sigstore community Fulcio instance.
      run: yes | cosign sign ${TAGS}
      env:
        COSIGN_EXPERIMENTAL: true
        TAGS: ${{ steps.meta.outputs.tags }}
        
  cleanup:
    needs: [maven-build-reporting, docker-build]
    if: |
      always()
    runs-on: ubuntu-latest
    steps:
    -
      name: Delete Artifacts
      uses: geekyeggo/delete-artifact@v5
      with:
          name: Package
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`# This workflow will build a Java project with Maven`
			`# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven`

			`name: build`

			`on:`
			`push:`
			`branches:`
			`- '**'`
			`tags:`
			`- '**'`
			`pull_request:`
			`branches: [master, development]`

			`jobs:`
			`maven-build-reporting:`
			`runs-on: ubuntu-latest`
			`steps:`
remove double maven build for reporting 2024-03-05 12:58:51 +01:00			`- name: Get short SHA`
fix cleanup task 2024-03-06 13:01:36 +01:00			`uses: benjlevesque/short-sha@v3.0`
remove double maven build for reporting 2024-03-05 12:58:51 +01:00			`id: short-sha`
			`- name: Store short SHA as environment variable`
			`run: echo $SHA`
			`env:`
			`SHA: ${{ steps.short-sha.outputs.sha }}`
			`- name: Set env`
			`run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV`
			`- name: Test tag name`
			`run: \|`
			`echo $TAG_NAME`
			`echo ${{ env.TAG_NAME }}`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
			`name: Checkout repository`
github actions update 2024-02-28 16:23:56 +01:00			`uses: actions/checkout@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
fixed reporting for Java 17 2024-04-03 16:09:08 +02:00			`name: Build Test Reporting`
github actions update 2024-02-28 16:23:56 +01:00			`uses: actions/setup-java@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
fixed let_reporting to 17 2024-03-05 09:59:32 +01:00			`java-version: '17'`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`distribution: 'adopt'`
			`-`
			`name: Cache Maven packages`
github actions update 2024-02-28 16:23:56 +01:00			`uses: actions/cache@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
			`path: ~/.m2`
			`key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}`
			`restore-keys: ${{ runner.os }}-m2`
			`-`
			`name: Build with Maven`
remove double maven build for reporting 2024-03-05 13:21:34 +01:00			`run: mvn clean install -e -P let_reporting -Dsebserver-version="${{ env.TAG_NAME }}-${{ env.SHA }}"`
remove double maven build for reporting 2024-03-05 13:16:59 +01:00			`env:`
			`sebserver-version: ${{ env.TAG_NAME }}-${{ env.SHA }}`
removed cosign from docker build 2022-05-03 09:42:17 +02:00
remove double maven build for reporting 2024-03-05 12:50:24 +01:00			`- name: Simplify package name`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`run: mv target/seb-server-${{ env.TAG_NAME }}-${{ env.SHA }}.jar target/seb-server.jar`
remove double maven build for reporting 2024-03-05 12:50:24 +01:00			`- uses: actions/upload-artifact@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
			`name: Package`
			`path: target/seb-server.jar`

			`docker-build:`
remove double maven build for reporting 2024-03-05 12:50:24 +01:00			`needs: maven-build-reporting`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`# Run only on tagging`
			`if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')`
			`runs-on: ubuntu-latest`
SEBSERV-365 2022-12-07 09:18:33 +01:00			`permissions:`
			`contents: read`
			`packages: write`
			`# This is used to complete the identity challenge`
			`# with sigstore/fulcio when running outside of PRs.`
			`id-token: write`
SEBSERV-365 fix 2022-12-07 09:26:41 +01:00
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`steps:`
			`-`
			`name: Set env`
			`run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV`
			`-`
			`name: Test`
			`run: \|`
			`echo $TAG_NAME`
			`echo ${{ env.TAG_NAME }}`
			`-`
			`name: Set up QEMU`
fix cleanup task 2024-03-06 12:55:55 +01:00			`uses: docker/setup-qemu-action@v3`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
			`name: Set up Docker Buildx`
SEBSLI-9 update version in build file 2024-03-26 16:59:54 +01:00			`uses: docker/setup-buildx-action@v3.2.0`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
			`name: Login to DockerHub`
fixed build 2023-03-07 14:11:20 +01:00			`uses: docker/login-action@v2`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
			`username: ${{ secrets.DOCKERHUB_USERNAME }}`
			`password: ${{ secrets.DOCKERHUB_TOKEN }}`
			`-`
			`name: Checkout repository`
github actions update 2024-02-28 16:23:56 +01:00			`uses: actions/checkout@v4`
SEBSERV-365 2022-12-07 09:18:33 +01:00
			`# Install the cosign tool except on PR`
			`# https://github.com/sigstore/cosign-installer`
			`-`
			`name: Install cosign`
			`if: github.event_name != 'pull_request'`
			`uses: sigstore/cosign-installer@main`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
			`name: Download a single artifact`
github actions update 2024-02-28 16:23:56 +01:00			`uses: actions/download-artifact@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
			`name: Package`
added meta info 2022-12-07 09:55:50 +01:00			`-`
			`name: Extract metadata (tags, labels) for Docker`
			`id: meta`
fixed build 2023-03-07 14:11:20 +01:00			`uses: docker/metadata-action@v4`
added meta info 2022-12-07 09:55:50 +01:00			`with:`
			`images: anhefti/seb-server`
			`tags: \|`
tags raw 2022-12-08 09:45:42 +01:00			`type=raw,${{ env.TAG_NAME }}`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`-`
			`name: Build and push`
			`id: docker_build`
fixed build 2023-03-07 14:11:20 +01:00			`uses: docker/build-push-action@v4`
removed cosign from docker build 2022-05-03 09:42:17 +02:00			`with:`
			`context: .`
			`file: ./docker/Dockerfile`
			`push: true`
			`tags: \|`
SEBSERV-365 2022-12-07 09:18:33 +01:00			`anhefti/seb-server:${{ env.TAG_NAME }}`
			`# Sign the resulting Docker image digest except on PRs.`
			`# This will only write to the public Rekor transparency log when the Docker`
			`# repository is public to avoid leaking data. If you would like to publish`
			`# transparency data even for private images, pass --force to cosign below.`
			`# https://github.com/sigstore/cosign`
			`- name: Sign the published Docker image`
			`if: ${{ github.event_name != 'pull_request' }}`
			`# This step uses the identity token to provision an ephemeral certificate`
			`# against the sigstore community Fulcio instance.`
fix cosign 2023-03-06 14:33:59 +01:00			`run: yes \| cosign sign ${TAGS}`
SEBSERV-365 2022-12-07 09:18:33 +01:00			`env:`
			`COSIGN_EXPERIMENTAL: true`
Update buildReporting.yml 2022-12-08 09:18:20 +01:00			`TAGS: ${{ steps.meta.outputs.tags }}`
added cleanup artifacts task on CI pipline 2023-07-05 09:13:44 +02:00
			`cleanup:`
CI fix cleanup 2024-03-20 09:01:47 +01:00			`needs: [maven-build-reporting, docker-build]`
CI fix cleanup 2024-03-20 09:07:57 +01:00			`if: \|`
			`always()`
added cleanup artifacts task on CI pipline 2023-07-05 09:13:44 +02:00			`runs-on: ubuntu-latest`
			`steps:`
			`-`
			`name: Delete Artifacts`
CI fix cleanup 2024-03-20 08:57:34 +01:00			`uses: geekyeggo/delete-artifact@v5`
added cleanup artifacts task on CI pipline 2023-07-05 09:13:44 +02:00			`with:`
			`name: Package`