Skip to content

Kavitha|add vulnerabilities to trivy ignore (#203) #986

Kavitha|add vulnerabilities to trivy ignore (#203)

Kavitha|add vulnerabilities to trivy ignore (#203) #986

name: Build and Publish OpenMRS
on:
push:
branches:
- Bahmni-IPD-master
paths-ignore:
- "**.md"
workflow_dispatch:
jobs:
Trivy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Trivy Scan
run: |
wget -q https://raw.githubusercontent.com/Bahmni/bahmni-infra-utils/main/trivy_scan.sh && chmod +x trivy_scan.sh
./trivy_scan.sh
rm trivy_scan.sh
build-publish-docker:
name: Build & Publish Docker Image
runs-on: ubuntu-latest
needs: Trivy
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: |
./mvnw --no-transfer-progress -U clean install
env:
USER_NAME: ${{ secrets.USERNAME }}
ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Docker Build and push
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64,linux/arm64
file: package/docker/openmrs/Dockerfile
push: true
tags: bahmni/openmrs:ipd-${{ github.run_number }}, bahmni/openmrs:ipd
trigger-workflow:
name: Trigger workflow to deploy to Docker env
needs:
- build-publish-docker
- Trivy
runs-on: ubuntu-latest
env:
EVENT_TYPE: openmrs-ipd-openmrs-event
steps:
- name: Create repository_dispatch
run: |
trigger_result=$(curl -s -o trigger_response.txt -w "%{http_code}" -X POST -H "Accept: application/vnd.github.v3+json" -H 'authorization: Bearer ${{ secrets.IPD_PAT }}' https://api.github.com/repos/${{ secrets.IPD_ORG_NAME }}/${{ secrets.IPD_REPOSITORY_NAME }}/dispatches -d '{"event_type":"'"${EVENT_TYPE}"'"}')
if [ $trigger_result == 204 ];then
echo "Trigger to $ORG_NAME/$REPOSITORY_NAME Success"
else
echo "Trigger to $ORG_NAME/$REPOSITORY_NAME Failed"
cat trigger_response.txt
exit 1
fi