Bindu |Fix Critical and High security vulnerabilities with the spring… #30
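# Build and Publish: scans the repository with Trivy, builds and pushes the
# multi-arch Docker image, then fires a repository_dispatch event at the
# deployment repository.
name: Build and Publish

on:
  push:
    branches:
      - Bahmni-IPD-master
    paths-ignore:
      - "**.md"
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the jobs below only check out
# the repository; Docker Hub and the dispatch call authenticate with their own
# secrets. NOTE(review): confirm trivy_scan.sh needs nothing beyond read access.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a mutable tag (@v2/@v3). Pinning
# each action to a full commit SHA prevents a retagged release from running
# with this workflow's secrets.
jobs:
  Trivy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Trivy Scan
        # NOTE(review): this downloads a script from the `main` branch of
        # another repository and executes it unverified. Any change to that
        # branch runs here on the next build. Prefer a URL pinned to a commit
        # SHA plus a checksum comparison before chmod/execute.
        run: |
          wget -q https://raw.githubusercontent.com/Bahmni/bahmni-infra-utils/main/trivy_scan.sh && chmod +x trivy_scan.sh
          ./trivy_scan.sh
          rm trivy_scan.sh

  build-publish-docker:
    name: Build & Publish Docker Image
    # NOTE(review): older runner image than the other jobs (ubuntu-latest);
    # confirm it is still a supported hosted image.
    runs-on: ubuntu-20.04
    # Publishing is gated on the Trivy job succeeding.
    needs: Trivy
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          distribution: 'corretto'
          java-version: '17'
      - name: Build & Test
        run: ./mvnw clean install
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Docker Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          file: Dockerfile
          push: true
          tags: bahmni/event-router-service:ipd-${{ github.run_number }}, bahmni/event-router-service:ipd

  trigger-workflow:
    name: Trigger workflow to deploy to docker env
    needs:
      - build-publish-docker
      - Trivy
    runs-on: ubuntu-latest
    env:
      EVENT_TYPE: bahmni-ipd-event-router-service-event
    steps:
      - name: Create repository_dispatch
        # Secrets are passed through the step environment instead of being
        # expanded by `${{ }}` inside the script text, so their values are
        # never parsed as shell syntax and do not appear in the generated
        # script file.
        env:
          IPD_PAT: ${{ secrets.IPD_PAT }}
          IPD_ORG_NAME: ${{ secrets.IPD_ORG_NAME }}
          IPD_REPOSITORY_NAME: ${{ secrets.IPD_REPOSITORY_NAME }}
        run: |
          trigger_result=$(curl -s -o trigger_response.txt -w "%{http_code}" \
            -X POST \
            -H "Accept: application/vnd.github.v3+json" \
            -H "authorization: Bearer ${IPD_PAT}" \
            "https://api.github.com/repos/${IPD_ORG_NAME}/${IPD_REPOSITORY_NAME}/dispatches" \
            -d "{\"event_type\":\"${EVENT_TYPE}\"}")
          # The dispatches endpoint answers 204 on success; anything else
          # (including an empty result when curl itself fails) fails the job.
          if [ "$trigger_result" = "204" ]; then
            echo "Trigger Success"
          else
            echo "Trigger Failed"
            cat trigger_response.txt
            exit 1
          fi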