name change central-repo and added SAST, DAST, LINT and sonarcloud qu… #1
name: Build, Test, SAST, and Push Docker Image | |
on: | |
push: | |
branches: | |
- feature/shopsmart-72 | |
pull_request: | |
branches: | |
- feature/shopsmart-72 | |
workflow_dispatch: # allows manual triggering | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
ECR_REPO_URI: ${{ secrets.ECR_REPO_URI }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Log in to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set up JDK | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
- name: Verify Java Installation | |
run: java -version | |
- name: Install required tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libxml2-utils bc | |
- name: Build and run tests with JaCoCo | |
run: | | |
mvn clean test | |
mvn jacoco:report | |
- name: Check JaCoCo Coverage Threshold | |
run: | | |
#!/bin/bash | |
# Debug: Print the content of the JaCoCo report | |
echo "Content of JaCoCo report:" | |
cat target/site/jacoco/jacoco.xml | |
# Extract the total lines covered | |
TOTAL_LINES_COVERED=$(xmllint --xpath "(//counter[@type='LINE']/@covered)[1]" target/site/jacoco/jacoco.xml | cut -d'"' -f2) | |
echo "Total lines covered: $TOTAL_LINES_COVERED" | |
# Extract the total lines | |
TOTAL_LINES=$(xmllint --xpath "(//counter[@type='LINE']/@missed)[1]" target/site/jacoco/jacoco.xml | cut -d'"' -f2) | |
echo "Total lines: $TOTAL_LINES" | |
# Calculate coverage percentage | |
if [[ $TOTAL_LINES_COVERED =~ ^[0-9]+$ ]] && [[ $TOTAL_LINES =~ ^[0-9]+$ ]]; then | |
COVERAGE_PERCENTAGE=$(echo "scale=2; ($TOTAL_LINES_COVERED / ($TOTAL_LINES + $TOTAL_LINES_COVERED)) * 100" | bc) | |
echo "Calculated Coverage Percentage: $COVERAGE_PERCENTAGE%" | |
else | |
echo "Invalid coverage or total line count extracted." | |
exit 1 | |
fi | |
if (( $(echo "$COVERAGE_PERCENTAGE < 80" | bc -l) )); then | |
echo "Code coverage is below 80%, build failed." | |
exit 1 | |
fi | |
echo "Code coverage check passed!" | |
shell: bash | |
- name: Debug AWS Credentials | |
run: | | |
echo "AWS_REGION=${{ secrets.AWS_REGION }}" | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}" | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
echo "ECR_REPO_URI=${{ secrets.ECR_REPO_URI }}" | |
- name: Build, Test, and Analyze with Maven | |
run: | | |
mvn clean verify sonar:sonar \ | |
-Dsonar.projectKey=ShopSmartSG_central-repo-service \ | |
-Dsonar.organization=shopsmartsg \ | |
-Dsonar.host.url=https://sonarcloud.io \ | |
-Dsonar.login=${{ secrets.SONAR_TOKEN }} \ | |
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
- name: Log in to Amazon ECR Public | |
run: | | |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/l0d0i0v3 | |
- name: Build Docker image | |
run: | | |
docker build -t shopsmartsg/central-repo-service . | |
docker tag shopsmartsg/central-repo-service:latest ${{ secrets.ECR_REPO_URI }}:latest | |
- name: Push Docker image to ECR | |
run: | | |
docker push ${{ secrets.ECR_REPO_URI }}:latest |
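Review bot: The `Debug AWS Credentials` step echoes all four secrets, including `AWS_SECRET_ACCESS_KEY`, into the job log. GitHub's log masking is best-effort and does not cover transformed or partially printed values, so the step should be removed rather than kept for debugging. If the intent is to confirm that credentials resolve, `run: aws sts get-caller-identity` after the configure step shows the identity without printing key material. The same long-lived keys are also exported in the job-level `env:` block, so every step can read them, including `mvn clean test`, which runs project code on `pull_request`. Dropping them from job `env:` and passing them only to `configure-aws-credentials`, or moving that action to OIDC with `role-to-assume`, narrows the exposure. Separately, `-Dsonar.login=${{ secrets.SONAR_TOKEN }}` puts the token on the Maven command line even though `SONAR_TOKEN` is already set in that step's `env:`, which current scanner versions should pick up on their own.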