Skip to content
Closed
77 changes: 36 additions & 41 deletions .github/workflows/ci-cd-java.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
name: ci-cd-java.yml

permissions:
contents: read
packages: read
permissions: {}

on:
workflow_call:
Expand Down Expand Up @@ -32,15 +30,19 @@ env:
IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"

jobs:
build-check-test-push:
name: Build, check, test, push
ci:
name: Build, check, test
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
clean: 'true'
fetch-depth: 2
persist-credentials: false

# Required since custom scripts from /scripts are being used
- name: Resolve shared workflow ref
Expand All @@ -66,6 +68,7 @@ jobs:
repository: HSLdevcom/transitdata-shared-workflows
ref: ${{ steps.resolve_shared_workflow_ref.outputs.shared_workflow_ref }}
path: .shared-workflows
persist-credentials: false

- name: Setup JDK
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
Expand Down Expand Up @@ -161,45 +164,44 @@ jobs:
name: 'app.jar'
path: '/app/app.jar'

release:
name: Build & push Docker image
needs: ci
if: >-
github.ref == 'refs/heads/main' ||
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/aks-dev' ||
startsWith(github.ref, 'refs/tags/') ||
inputs.performRelease == true
runs-on: ubuntu-latest
environment: docker-hub-release
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
clean: 'true'
Comment thread
github-advanced-security[bot] marked this conversation as resolved.
Fixed
persist-credentials: false

- name: Set Docker Image Name
env:
IMAGE_NAME_INPUT: ${{ inputs.imageName }}
run: |
OWNER="${GITHUB_REPOSITORY%%/*}"

if [[ -n "${{ inputs.imageName }}" ]]; then
IMAGE_NAME="${OWNER,,}/${{ inputs.imageName }}"
if [[ -n "${IMAGE_NAME_INPUT}" ]]; then
IMAGE_NAME="${OWNER,,}/${IMAGE_NAME_INPUT}"
else
IMAGE_NAME="${GITHUB_REPOSITORY,,}"
fi

echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"

- name: Build Docker Image
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
context: ${{ inputs.workingDirectory }}
push: 'false'
tags: 'hsldevcom/${{ env.IMAGE_NAME }}:${{ github.sha }}'
secrets: |
github_token=${{ secrets.GITHUB_TOKEN }}
build-args:
GITHUB_ACTOR=${{ github.actor }}

- name: Check if perform release
id: perform_release
run: |
PERFORM_RELEASE=false
if [[ "${GITHUB_REF}" == "refs/heads/main" || "${GITHUB_REF}" == "refs/heads/develop" || "${GITHUB_REF}" == "refs/heads/aks-dev" ]]; then
PERFORM_RELEASE=true
elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
PERFORM_RELEASE=true
elif [[ "${{ inputs.performRelease }}" == "true" ]]; then
PERFORM_RELEASE=true
fi
echo "PERFORM_RELEASE=${PERFORM_RELEASE}" >> $GITHUB_ENV
echo "Perform release: ${PERFORM_RELEASE}"
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

- name: Extract Docker metadata
if: ${{ env.PERFORM_RELEASE == 'true' }}
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
Expand All @@ -212,26 +214,19 @@ jobs:
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.vendor=hsldevcom

- name: Setup Docker Buildx
if: ${{ env.PERFORM_RELEASE == 'true' }}
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

- name: Login to Docker Hub
if: ${{ env.PERFORM_RELEASE == 'true' }}
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
username: ${{ secrets.DOCKER_HUB_INFODEVOPS_USERNAME }}
password: ${{ secrets.DOCKER_HUB_INFODEVOPS_TOKEN }}

- name: Build & Push Docker image
if: ${{ env.PERFORM_RELEASE == 'true' }}
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
context: ${{ inputs.workingDirectory }}
push: ${{ env.PERFORM_RELEASE }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
secrets: |
github_token=${{ secrets.GITHUB_TOKEN }}
build-args: |
GITHUB_ACTOR=${{ github.actor }}
github_actor=${{ github.actor }}
67 changes: 33 additions & 34 deletions .github/workflows/ci-cd-kotlin.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
name: ci-cd-kotlin.yml

permissions:
contents: read
packages: read
permissions: {}

on:
workflow_call:
Expand Down Expand Up @@ -34,15 +32,19 @@ env:
IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"

jobs:
build-check-test-push:
name: Build, check, test, push
ci:
name: Build, check, test
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
clean: 'true'
fetch-depth: 2
persist-credentials: false

# Required since custom scripts from /scripts are being used
- name: Resolve shared workflow ref
Expand All @@ -67,6 +69,7 @@ jobs:
repository: HSLdevcom/transitdata-shared-workflows
ref: ${{ env.SHARED_WORKFLOW_REF }}
path: .shared-workflows
persist-credentials: false

- name: Setup JDK
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
Expand All @@ -90,24 +93,24 @@ jobs:
if: ${{ inputs.runTestsInsideDocker }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_ACTOR_ARG: ${{ github.actor }}
GITHUB_ACTOR: ${{ github.actor }}
DOCKER_BUILDKIT: "1"
run: |
cat > /tmp/Dockerfile.test << DOCKERFILE
# syntax=docker/dockerfile:1
# check=error=true
FROM ${TEST_BASE_IMAGE}
WORKDIR /usr/app
ARG GITHUB_ACTOR=github-actions
COPY . .
RUN --mount=type=secret,id=github_token \
--mount=type=secret,id=github_actor \
export GITHUB_TOKEN="\$(cat /run/secrets/github_token)" && \
export GITHUB_ACTOR="\$GITHUB_ACTOR" && \
export GITHUB_ACTOR="\$(cat /run/secrets/github_actor)" && \
./gradlew test --stacktrace --no-daemon
DOCKERFILE
docker build \
--secret id=github_token,env=GITHUB_TOKEN \
--build-arg "GITHUB_ACTOR=${GITHUB_ACTOR_ARG}" \
--secret id=github_actor,env=GITHUB_ACTOR \
-f /tmp/Dockerfile.test \
.

Expand Down Expand Up @@ -153,36 +156,34 @@ jobs:
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Lowercase Docker Image Name
run: |
echo "IMAGE_NAME=${IMAGE_NAME_MIXED_CASE,,}" >> "${GITHUB_ENV}"
- name: Build Docker Image
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
release:
name: Build & push Docker image
needs: ci
if: >-
github.ref == 'refs/heads/main' ||
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/aks-dev' ||
startsWith(github.ref, 'refs/tags/') ||
inputs.performRelease == true
runs-on: ubuntu-latest
environment: docker-hub-release
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
context: .
push: 'false'
tags: 'hsldevcom/${{ env.IMAGE_NAME }}:${{ github.sha }}'
clean: 'true'
Comment thread
github-advanced-security[bot] marked this conversation as resolved.
Fixed
persist-credentials: false

- name: Check if perform release
id: perform_release
- name: Lowercase Docker Image Name
run: |
PERFORM_RELEASE=false
if [[ "${GITHUB_REF}" == "refs/heads/main" || "${GITHUB_REF}" == "refs/heads/develop" || "${GITHUB_REF}" == "refs/heads/aks-dev" ]]; then
PERFORM_RELEASE=true
elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
PERFORM_RELEASE=true
elif [[ "${{ inputs.performRelease }}" == "true" ]]; then
PERFORM_RELEASE=true
fi
echo "PERFORM_RELEASE=${PERFORM_RELEASE}" >> $GITHUB_ENV
echo "Perform release: ${PERFORM_RELEASE}"
echo "IMAGE_NAME=${IMAGE_NAME_MIXED_CASE,,}" >> "${GITHUB_ENV}"

- name: Setup Docker Buildx
if: env.PERFORM_RELEASE == 'true'
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

- name: Extract Docker metadata
if: env.PERFORM_RELEASE == 'true'
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
Expand All @@ -196,17 +197,15 @@ jobs:
org.opencontainers.image.vendor=hsldevcom

- name: Login to Docker Hub
if: env.PERFORM_RELEASE == 'true'
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
username: ${{ secrets.DOCKER_HUB_INFODEVOPS_USERNAME }}
password: ${{ secrets.DOCKER_HUB_INFODEVOPS_TOKEN }}

- name: Build & Push Docker image
if: env.PERFORM_RELEASE == 'true'
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
context: .
push: ${{ env.PERFORM_RELEASE }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Loading
Loading