-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #939 from puzzle/844-demo_properties_github_action
okr #844: properties and github action for demo umgebung
- Loading branch information
Showing
2 changed files
with
249 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,242 @@ | ||
name: 'Demo-Deploy' | ||
|
||
on: | ||
pull_request: | ||
types: | ||
- closed | ||
branches: [ main ] | ||
|
||
jobs: | ||
update-version: | ||
if: github.event.pull_request.merged == true | ||
runs-on: ubuntu-22.04 | ||
outputs: | ||
okr-docker-image: ${{ vars.NEW_VALUE_URL }}:${{ steps.store-version.outputs.version}}-DEMO | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
token: ${{secrets.VERSION_TOKEN}} | ||
|
||
- name: Generate and Set New Version | ||
run: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} -DgenerateBackupPoms=false | ||
|
||
- name: Extract Maven project version | ||
run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT | ||
id: store-version | ||
|
||
- name: Set New Snapshot Version | ||
run: mvn build-helper:parse-version versions:set -DnewVersion=${{ steps.store-version.outputs.version}}-SNAPSHOT -DgenerateBackupPoms=false | ||
|
||
- name: Commit and Push Changes | ||
shell: bash | ||
env: | ||
COMMITPREFIX: '[VU]' | ||
run: | | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "GitHub Actions" | ||
git add . || { | ||
echo "No files were changed, so we did not commit anything" | ||
exit 1 | ||
} | ||
git commit -m "$COMMITPREFIX Automated version update" || { | ||
echo "No changes to commit, skipping push" | ||
exit 0 | ||
} | ||
git push -f origin main | ||
build-docker-image: | ||
needs: update-version | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up JDK 17 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: '17' | ||
distribution: 'adopt' | ||
|
||
- name: Set up node 18 | ||
uses: actions/setup-node@v4 | ||
with: | ||
node-version: 18.17.1 | ||
|
||
- name: Install Dependencies | ||
run: cd ./frontend && npm ci | ||
|
||
- name: Build frontend with Angular | ||
run: cd ./frontend && npm run build | ||
|
||
- name: Build backend with Maven | ||
run: mvn -B clean package --file pom.xml -P build-for-docker | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build the docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
file: docker/Dockerfile | ||
tags: ${{ needs.update-version.outputs.okr-docker-image}} | ||
load: true | ||
push: false | ||
outputs: type=docker,dest=/tmp/okr-docker-image.tar | ||
|
||
- name: Upload artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: okr-image | ||
path: /tmp/okr-docker-image.tar | ||
|
||
- name: print imagetags | ||
run: echo ${{ needs.update-version.outputs.okr-docker-image}} | ||
|
||
e2e-docker: | ||
runs-on: ubuntu-22.04 | ||
needs: [build-docker-image,update-version] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Download artifact | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: okr-image | ||
path: /tmp | ||
|
||
- name: Load image | ||
run: docker load --input /tmp/okr-docker-image.tar | ||
|
||
- name: show images | ||
run: docker image ls -a | ||
|
||
- name: Run docker image | ||
run: | | ||
docker run --network=host \ | ||
-p 8080:8080 \ | ||
-e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER-URI=http://localhost:8544/realms/pitc \ | ||
-e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK-SET-URI=http://localhost:8544/realms/pitc/protocol/openid-connect/certs \ | ||
-e SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT-ID=pitc_okr_demo \ | ||
-e SPRING_PROFILES_ACTIVE-ID=integration-test \ | ||
-e SPRING_DATASOURCE_URL="jdbc:h2:mem:db;DB_CLOSE_DELAY=-1" \ | ||
-e SPRING_DATASOURCE_USERNAME=user \ | ||
-e SPRING_DATASOURCE_PASSWORD=sa \ | ||
-e SPRING_FLYWAY_LOCATIONS="classpath:db/h2-db/database-h2-schema,classpath:db/h2-db/data-test-h2" \ | ||
${{ needs.update-version.outputs.okr-docker-image}} & | ||
- name: run keycloak docker | ||
run: | | ||
docker run \ | ||
-e KEYCLOAK_ADMIN=admin \ | ||
-e KEYCLOAK_ADMIN_PASSWORD=keycloak \ | ||
-v ./docker/config/realm-export.json:/opt/keycloak/data/import/realm.json \ | ||
-p 8544:8080 \ | ||
quay.io/keycloak/keycloak:23.0.1 \ | ||
start-dev --import-realm & | ||
- uses: abhi1693/[email protected] | ||
with: | ||
browser: chrome | ||
version: latest | ||
|
||
- name: Cypress run e2e tests | ||
uses: cypress-io/github-action@v6 | ||
with: | ||
build: npm i -D cypress | ||
install: false | ||
wait-on: 'http://localhost:8080/config, http://localhost:8544' | ||
wait-on-timeout: 120 | ||
browser: chrome | ||
headed: true | ||
working-directory: frontend | ||
config: baseUrl=http://localhost:8080 | ||
|
||
upload-to-quay: | ||
runs-on: ubuntu-latest | ||
needs: [e2e-docker, update-version] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Download artifact | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: okr-image | ||
path: /tmp | ||
|
||
- name: Load image | ||
run: docker load --input /tmp/okr-docker-image.tar | ||
|
||
- name: show images | ||
run: docker image ls -a | ||
|
||
- name: Log in to Quay registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ secrets.QUAY_REGISTRY }} | ||
username: ${{ secrets.QUAY_USERNAME }} | ||
password: ${{ secrets.QUAY_TOKEN }} | ||
|
||
- name: Push | ||
run: docker push ${{ needs.update-version.outputs.okr-docker-image}} | ||
|
||
- name: Install yq | ||
shell: bash | ||
env: | ||
VERSION: v4.25.2 | ||
BINARY: yq_linux_amd64 | ||
run: | | ||
wget -q https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ | ||
tar xz && mv ${BINARY} /usr/local/bin/yq | ||
- name: Update YAML file | ||
shell: bash | ||
env: | ||
COMMITPREFIX: '[CTS]' | ||
run: | | ||
curl -s --header "PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}?ref=${{vars.TARGET_GITLAB_REFERENCE}}" -H "Accept: application/json" -H "Content-Type: application/json" | jq -r '.content' | base64 --decode > response.yaml | ||
yq -i "${{vars.YAML_PATH}} = \"${{needs.update-version.outputs.okr-docker-image}}\"" response.yaml | ||
UPDATED_CONTENT=$(cat response.yaml) | ||
curl --request PUT --header 'PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}' -F "branch=${{vars.TARGET_GITLAB_REFERENCE}}" -F "[email protected]" -F "author_name=GitLab Actions" -F "content=${UPDATED_CONTENT}" -F "commit_message=$COMMITPREFIX Automated changes to ${{vars.FILEPATH_COMMIT}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}" | ||
generate-and-push-sbom: | ||
runs-on: ubuntu-latest | ||
needs: [upload-to-quay] | ||
steps: | ||
- name: Checkout Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Install cdxgen | ||
working-directory: frontend | ||
run: npm install -g @cyclonedx/[email protected] | ||
|
||
- name: 'Generate SBOM for maven dependencies' | ||
working-directory: backend | ||
run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom | ||
|
||
- name: 'Generate SBOM for npm dependencies' | ||
working-directory: frontend | ||
run: cdxgen -o ../sbom-npm.xml -t npm . | ||
|
||
- name: 'Merge frontend and backend SBOMs' | ||
run: | | ||
docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml | ||
- name: 'Push merged SBOM to dependency track' | ||
env: | ||
PROJECT_NAME: okr-demo | ||
run: | | ||
curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \ | ||
--header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \ | ||
--header "Content-Type: multipart/form-data" \ | ||
--form "autoCreate=true" \ | ||
--form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \ | ||
--form "projectVersion=latest" \ | ||
--form "[email protected]" | ||
clean-up: | ||
needs: [generate-and-push-sbom] | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: remove dockers | ||
run: docker ps -aq | xargs -r docker rm -f |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# logging level for staging | ||
logging.level.org.springframework=debug | ||
|
||
spring.security.oauth2.resourceserver.opaquetoken.client-id=pitc_okr_demo | ||
|
||
okr.user.champion.usernames=jbrantschen | ||
okr.clientcustomization.customstyles.okr-topbar-background-color=#fa8072 |