.github/workflows/ci.yml

name: CI

on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
      - 'main-3'
      - '2.11.x'
    paths-ignore:
      - '.github/**'

env:
  MAVEN_THREADS: '-T 1'

jobs:
  build:
    if: github.repository_owner == 'spring-cloud'
    runs-on: ubuntu-latest
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    steps:
    - uses: actions/checkout@v4
    - uses: jlumbroso/free-disk-space@main
      with:
        tool-cache: false
    # cache maven repo
    - uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-m2-
    # jdk8
    - uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'liberica'
    - uses: jvalkeal/setup-maven@v1
      with:
        maven-version: 3.8.8
        maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/'
    # jfrog cli
    - uses: jfrog/setup-jfrog-cli@v1
      with:
        version: 1.46.4
      env:
        JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
    - name: Login dockerhub
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    # setup frog cli
    - name: Configure JFrog Cli
      run: |
        jfrog rt mvnc \
          --server-id-resolve=repo.spring.io \
          --server-id-deploy=repo.spring.io \
          --repo-resolve-releases=libs-milestone \
          --repo-resolve-snapshots=libs-snapshot \
          --repo-deploy-releases=libs-release-local \
          --repo-deploy-snapshots=libs-snapshot-local
        echo JFROG_CLI_BUILD_NAME=spring-cloud-dataflow-main >> $GITHUB_ENV
        echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
        echo spring_cloud_dataflow_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV
    # build and publish
    - name: Build and Publish
      run: |
        mvn clean
        ./spring-cloud-dataflow-package/set-package-version.sh
        jfrog rt mvn install -Pfull,asciidoctordocs,restdocs -B
        jfrog rt mvn install -pl spring-cloud-dataflow-package -B
        jfrog rt build-publish
    - name: Test Report
      uses: dorny/test-reporter@v1
      if: ${{ success() || failure() }}
      with:
        name: Unit Tests
        path: '**/surefire-reports/*.xml'
        reporter: java-junit
        list-tests: failed
    - name: Capture Test Results
      if: ${{ always() }}
      uses: actions/upload-artifact@v3
      with:
        name: test-results
        path: '**/target/surefire-reports/**/*.*'
        retention-days: 7
        if-no-files-found: ignore
    # clean m2 cache
    - name: Clean cache
      run: |
        find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr
    outputs:
      version: ${{ env.spring_cloud_dataflow_version }}
  images:
    name: Build and Publish Images
    needs:
      - build
    uses: ./.github/workflows/build-images.yml
    with:
      version: ${{ needs.build.outputs.version }}
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
      GCR_JSON_KEY: ${{ secrets.GCR_JSON_KEY }}
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
      - name: 'Scanned'
        shell: bash
        run: echo "::info ::Scanned"
  done:
    runs-on: ubuntu-latest
    needs: [ scan, build, images ]
    steps:
      - name: 'Done'
        shell: bash
        run: echo "::info ::Done"