Add Task Runner to Java #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: java | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - feature/** | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| - feature/** | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
| - name: Setup Task | |
| uses: arduino/setup-task@v2 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GH_TOKEN }} | |
| - name: Setup Dockle | |
| run: | | |
| VERSION=$( | |
| curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \ | |
| grep '"tag_name":' | \ | |
| sed -E 's/.*"v([^"]+)".*/\1/' \ | |
| ) && curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb | |
| sudo dpkg -i dockle.deb && rm dockle.deb | |
| - name: Setup Trivy | |
| run: | | |
| sudo apt-get install wget apt-transport-https gnupg | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null | |
| echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| - name: Create Buildx builder | |
| run: | | |
| docker buildx create --name my-builder --use | |
| docker buildx inspect --bootstrap | |
| - name: Build Java Image | |
| run: task java:build | |
| - name: Verify the built image follows the best practises | |
| run: task java:verify | |
| - name: Scan the built image for vulnerabilities | |
| run: task java:scan | |
| - name: Push the built image to docker hub | |
| run: task java:push |