added workflows and amended pom

dvsa · May 9, 2024 · 2661028 · 2661028
1 parent 6e08b6f
commit 2661028
Show file tree

Hide file tree

Showing 7 changed files with 166 additions and 42 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -0,0 +1,54 @@
+name: CD
+
+on:
+    push:
+     branches:
+       -  main
+
+jobs:
+  release-please:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+
+  call-build-maven:
+    needs: release-please
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yaml
+
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: 
+      - release-please
+      - call-build-maven
+    steps:
+        - name: checkout code
+          uses: actions/checkout@v4
+
+        - name: Set up JDK 11
+          uses: actions/setup-java@v4
+          with:
+            java-version: '11'
+            distribution: 'corretto'
+            cache: 'maven'
+
+        - name: Publish to GitHub Packages Apache Maven
+          if: ${{needs.release-please.outputs.release_created}}
+          run: mvn --batch-mode deploy
+          env:
+            GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,17 @@
+name: CI
+
+on:
+    pull_request:
+
+jobs:
+  security:
+    name: Security
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  build-maven:      
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yaml
+    needs: security
+
+
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -0,0 +1,35 @@
+# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+
+name: Maven Package
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+        settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+
+    - name: Publish to GitHub Packages Apache Maven
+      run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/maven_build.yaml b/.github/workflows/maven_build.yaml
@@ -0,0 +1,18 @@
+name: Maven Build
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+    build:
+      name: build
+      runs-on: ubuntu-latest
+      steps:
+       - uses: actions/checkout@v4
+
+       - run: mvn -B -P github package
+
+
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,38 @@
+name: Security Scan
+
+on:
+  workflow_call:
+    inputs:
+      severity-threshold:
+        description: "Severity threshold"
+        required: false
+        default: "high"
+        type: string
+    secrets:
+      SNYK_TOKEN:
+        description: "Snyk token"
+        required: true
+  schedule:
+    # Weekly on Monday at 00:00 UTC
+    - cron: 0 0 * * 1
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:      
+    scan:
+        name: scan
+        runs-on: ubuntu-latest
+        steps:
+
+        - uses: actions/checkout@v4
+        - uses: snyk/actions/setup@master
+        - uses: actions/setup-java@v4
+          with:
+            distribution: "corretto"
+            java-version: "11"
+            cache: maven    
+        - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }} -- -P github 
+          env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/pom.xml b/pom.xml
@@ -21,6 +21,7 @@
         <mustache.version>0.9.11</mustache.version>
         <slf4j.version>2.22.0</slf4j.version>
         <slf4j-log4j12.version>2.22.0</slf4j-log4j12.version>
+        <github.url>https://maven.pkg.github.com/dvsa/vol-accessibility-lib</github.url>
     </properties>
 
     <repositories>
@@ -90,12 +91,11 @@
             <scope>compile</scope>
         </dependency>
     </dependencies>
-
-    <!--  Nexus Configuration  -->
     <distributionManagement>
         <repository>
-            <id>maven-releases</id>
-            <url>${nexus.releases}</url>
+            <id>github</id>
+            <name>GitHub dvsa Apache Maven Packages</name>
+            <url>${github.url}</url>
         </repository>
     </distributionManagement>
 </project>